[BackupPC-users] SELinux problems with rsync

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I am using Fedora 7. SELinux blocks rsync access to all files that don't
have a "public_content" label. The selinux profile includes boolean
option "rsync_export_all_ro", but enabling it did not help. It seems to
only apply to rsyncd, and not rsync over ssh.

I switched to rsync over ssh, but I now find the strange problem that
rsync fails if given the "--xattrs" option, which saves selinux tags. It
did not generate an selinux alert, so perhaps there are some limitations
with rsync when run with explicit --server args the way BackupPC does?
Has anyone else figured this out?

I was able to configure backups using tar, but rsync is more reliable
for incremental backups. OTOH, rsync takes more CPU to check for changed
files.

Also, the default config for ssh is to directly log in as root. It is
better to log in as an unprivileged user and use sudo, which can be
restricted for backups. It is easy enough to customize this, but it is
better for the defaults to encourage better security.

Joe Krahn