Summary: SELinux is preventing /usr/bin/rsync "append" access on /var/log/rsyncd. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by rsync. It is not expected that this access is required by rsync and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:rsync_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_log_t:s0 Target Objects /var/log/rsyncd [ file ] Source rsync Source Path /usr/bin/rsync Port <Unknown> Host (removed) Source RPM Packages rsync-3.0.7-3.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-21.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.33.4-95.fc13.x86_64 #1 SMP Thu May 13 05:16:23 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Mon 31 May 2010 10:50:17 PM EDT Last Seen Mon 31 May 2010 10:50:17 PM EDT Local ID 7ec258de-98d9-4185-b783-32e2526a2cad Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1275360617.537:10093): avc: denied { append } for pid=3650 comm="rsync" name="rsyncd" dev=sda6 ino=1001 scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1275360617.537:10093): arch=c000003e syscall=2 success=yes exit=3 a0=f84990 a1=441 a2=1b6 a3=0 items=0 ppid=16544 pid=3650 auid=501 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="rsync" exe="/usr/bin/rsync" subj=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,rsync,rsync_t,var_log_t,file,append audit2allow suggests: #============= rsync_t ============== allow rsync_t var_log_t:file append;
Either you can add default label for your '/var/log/rsyncd' log file # semanage fcontext -a -t rsync_log_t "/var/log/rsyncd" # restorecon -Rv /var/log/rsyncd or you can specify your log file as --log-file=/var/log/rsync.log