Description of problem: Running rsync daemons from xinetd, I get: type=AVC msg=audit(1195494511.811:620538): avc: denied { dac_override } for pid=26101 comm="rsync" capability=1 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:system_r:rsync_t:s0 tclass=capability type=AVC msg=audit(1195494511.811:620538): avc: denied { dac_read_search } for pid=26101 comm="rsync" capability=2 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:system_r:rsync_t:s0 tclass=capability and the rsync daemon cannot chdir to the proper directory. Version-Release number of selected component (if applicable): selinux-policy-2.4.6-106.el5.3 (built on rhel5, not 5.1) How reproducible: everytime
You can add these rules using audit2allow. I will add these permissions in u2.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Fixed in selinux-policy-2.4.6-107.el5
QE ack for RHEL5.2. Reproducer in comment 0.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0465.html