Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
22.2. Types
The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with
rsync. Different types all you to configure flexible access:
public_content_t- This is a generic type used for the location of files (and the actual files) to be shared using
rsync. If a special directory is created to house files to be shared withrsync, the directory and its contents need to have this label applied to them. rsync_exec_t- This type is used for the
/usr/bin/rsyncsystem binary. rsync_log_t- This type is used for the
rsynclog file, located at/var/log/rsync.logby default. To change the location of the file rsync logs to, use the--log-file=FILEoption to thersynccommand at run-time. rsync_var_run_t- This type is used for the
rsyncdlock file, located at/var/run/rsyncd.lock. This lock file is used by thersyncserver to manage connection limits. rsync_data_t- This type is used for files and directories which you want to use as rsync domains and isolate them from the access scope of other services. Also, the
public_content_tis a general SELinux context type, which can be used when a file or a directory interacts with multiple services (for example, FTP and NFS directory as an rsync domain). rsync_etc_t- This type is used for rsync-related files in the
/etcdirectory.
