Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

22.2. Types

The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with rsync. Different types all you to configure flexible access:
public_content_t
This is a generic type used for the location of files (and the actual files) to be shared using rsync. If a special directory is created to house files to be shared with rsync, the directory and its contents need to have this label applied to them.
rsync_exec_t
This type is used for the /usr/bin/rsync system binary.
rsync_log_t
This type is used for the rsync log file, located at /var/log/rsync.log by default. To change the location of the file rsync logs to, use the --log-file=FILE option to the rsync command at run-time.
rsync_var_run_t
This type is used for the rsyncd lock file, located at /var/run/rsyncd.lock. This lock file is used by the rsync server to manage connection limits.
rsync_data_t
This type is used for files and directories which you want to use as rsync domains and isolate them from the access scope of other services. Also, the public_content_t is a general SELinux context type, which can be used when a file or a directory interacts with multiple services (for example, FTP and NFS directory as an rsync domain).
rsync_etc_t
This type is used for rsync-related files in the /etc directory.