Actually, in the meantime, I stumbled over more issues with swift and selinux. Maybe casual users should simply disable selinux. My current selinux custom policy looks like this:
-------------------------------------------------------------------------------------------------
module local 1.0;
require {
type var_lock_t;
type rsync_port_t;
type rsync_exec_t;
type rsync_t;
type swift_t;
class tcp_socket name_connect;
class file { create execute execute_no_trans open read };
}
#============= rsync_t ==============
#!!!! This avc is allowed in the current policy
allow rsync_t var_lock_t:file create;
#============= swift_t ==============
allow swift_t rsync_exec_t:file { execute execute_no_trans open read };
#!!!! This avc is allowed in the current policy
allow swift_t rsync_port_t:tcp_socket name_connect;
-------------------------------------------------------------------------------------------------