Bug 304171 - rsync does not carry selinux security context across transfer
rsync does not carry selinux security context across transfer
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: rsync (Show other bugs)
i686 Linux
high Severity high
: ---
: ---
Assigned To: Simo Sorce
: FutureFeature, Triaged
Depends On:
Blocks: 391511
  Show dependency treegraph
Reported: 2007-09-24 17:56 EDT by Richard Riley
Modified: 2010-10-22 14:55 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-10-03 12:40:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Richard Riley 2007-09-24 17:56:56 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; AT&T CSM8.0; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 1.1.4322)

Description of problem:
I'm using rsync to synchronize customer account files across multiple WEB servers.  It copies files fine.  The problem is that it does not maintain the selinux security context of these files which causes application access problems. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Create a file or files with other than default security context on the source machine.
2. run rsync -avz sourcedir rsync://destmachine/module
3. run ls -lZ on destination files.

Actual Results:
Security context of the files on the remote machine after transfer reverted to default values.

Expected Results:
All files should have retained the security context they were set to on the source machine.

Additional info:
I have over 150 customers with each customer directory structure having almost 3000 files (not all with same security context), so rsync would seem to be the only logical method for keeping all the customer files updated by only distributing those files that have changed (or their differences) across the LAN in a timely fashion with minimal overhead.  I need this to use an rsync daemon on the remote WEB servers, so no root login is required.  I prefer to not have to run any backend script to correct the context after the fact (due to number of files and additional manhours required).  There is an open trouble ticket on this problem.  It is 1768828.
Comment 3 Simo Sorce 2007-10-10 23:53:01 EDT
Richard, to carry over SELinux labels rsync need to support syncing extended
We have this in RHEL5 (-X option) but not in RHEL4.
I will see if we can address this in an update.
Comment 13 RHEL Product and Program Management 2008-10-03 12:40:50 EDT
Development Management has reviewed and declined this request.  You may appeal
this decision by reopening this request.

Note You need to log in before you can comment on or make changes to this bug.