PDA

View Full Version : rsync stopping in the middle of a system backup and how I resolved issue



donatom
12th February 2017, 03:33 AM
I recently ran into a problem with rsync when backing up a Fedora system, the problem being that the backup would just stop for no apparent reason. I googled extensively but could find no solution.

Evidently selinux which was set to enforce would not permit rsync to copy some system files. My solution was to disable selinux by editing the /etc/selinux/config file.

I changed "SELINUX=enabled" to "SELINUX=disabled". Here is how my config file looked after doing so:


# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted


I then reran rsync and the backup was able to run until completion.

After running rsync it probably would be wise to re-enable selinux.

I hope my experience will be helpful to others.

marko
12th February 2017, 04:31 AM
You can switch selinux off and back on in realtime with 'seenforce', using
'donatom' as the user account to do the rsync for example. Just run 'mybackup.sh' as root
to do the backup. This way selinux is only off for a small time when the copy occurs



#!/bin/bash
#
# mybackup.sh
#
# script running as root as required for setenforce

/usr/sbin/setenforce 0

# do the rsync as user donatom
/usr/bin/su -c "/usr/bin/rsync options sourcedir destinationdir" - donatom

/usr/sbin/setenforce 1
"0" isn't really off but "permissive" mode, it will allow selinux violations to happen but they will be logged

REF: https://fedoraproject.org/wiki/SELinux/setenforce

bobx001
12th February 2017, 02:05 PM
IMHO, Selinux is NSA's backdoor into our free realm, and I disable it whenever/wherever I find it.