22.2. Types
The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with
rsync
. Different types all you to configure flexible access:
public_content_t
- This is a generic type used for the location of files (and the actual files) to be shared using
rsync
. If a special directory is created to house files to be shared withrsync
, the directory and its contents need to have this label applied to them. rsync_exec_t
- This type is used for the
/usr/bin/rsync
system binary. rsync_log_t
- This type is used for the
rsync
log file, located at/var/log/rsync.log
by default. To change the location of the file rsync logs to, use the--log-file=FILE
option to thersync
command at run-time. rsync_var_run_t
- This type is used for the
rsyncd
lock file, located at/var/run/rsyncd.lock
. This lock file is used by thersync
server to manage connection limits. rsync_data_t
- This type is used for files and directories which you want to use as rsync domains and isolate them from the access scope of other services. Also, the
public_content_t
is a general SELinux context type, which can be used when a file or a directory interacts with multiple services (for example, FTP and NFS directory as an rsync domain). rsync_etc_t
- This type is used for rsync-related files in the
/etc
directory.