Re: SELinux - a question about external drive after upgrade

Daniel J Walsh <dwalsh <at> redhat.com> writes:

> Yes that should work

OK I have now conducted some tests that confirm that this scheme does work.

I have a pre-existing USB drive formatted ext3 that I have been
regularly using on a main machine as a central backup store for the
main directories for several machines on my LAN for some years.
This disk contains backups for several computers in the
local network, and I would rather not have to recreate all the files
but use the same drive for SELinux enabled machines as I transition to
the main machine being SELinux enabled.

In order to test viability using the same drive as a backup drive
under SELinux I plugged this disk into a laptop USB port directly.
The laptop is running F9 with SELinux enabled and fully up to date.

The drive plugs in and automagically opens a window in the desktop
under gnome showing the directories in the drive (in this case just
one /media/usbdisc3/BACKUPS, and the machine subdirectories are within
the BACKUPS directory).
The disk is labelled as usbdisc3 so appears as /media/usbdisc3
I then made a directory at the top level of this drive called "test".

As a first test I copied the file /etc/resolv.conf to this drive from this
machine using the simple command as root:
# rsync -aXHv /etc/resolv.conf /media/usbdisc3/test/

Then I umounted the USB drive and plugged it back in from cold.

The crucial test was to check the file permissions and contexts which
appeared as in the output below:
[mike@lapmike2 ~]$ ll -Z /media/usbdisc3/test/
-rw-r--r--  root root system_u:object_r:net_conf_t:s0  resolv.conf

checking the original file gave:
[mike@lapmike2 ~]$ ll -Z /etc/resolv.conf
-rw-r--r--  root root system_u:object_r:net_conf_t:s0  /etc/resolv.conf

We can see that the permissions, ownership and security contexts have
been preserved in the rsync transfer.

Then I booted up a second machine also running F9 with SELinux enabled
and on that machine did as root:
# rsync -aXHv -e ssh /etc/hosts lapmike2w:/media/usbdisc3/test/

Checking the original file details gave:
[mike@lapmike3 ~]$ ll -Z /etc/hosts
-rw-r--r--  root root system_u:object_r:etc_t:s0       /etc/hosts

and on the machine on which the backup file now resides we can check
the newly created file:
[mike@lapmike2 ~]$ ll -Z /media/usbdisc3/test/
-rw-r--r--  root root system_u:object_r:etc_t:s0       hosts
-rw-r--r--  root root system_u:object_r:net_conf_t:s0  resolv.conf

So we see that all the file attributes have been copied across
correctly, and a restore of these files with their extended attributes
can be made using rsync -aXHv from the backup drive onto any machine
as desired.

So this works nicely and the original drive does not need to be
reformatted, nor the file system re-created. Running a backup
overwriting the original one with no security contexts works fine.



-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
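
The check made by eye with ll -Z in the message above can be scripted for a whole directory tree. This is an added example, not part of the original post; it generalizes from the two test files to any source and backup directory, and the function names and the MISSING/CHANGED report format are assumptions of the example. It relies on GNU find's %Z directive to read each file's SELinux context.

```shell
#!/bin/sh
# Added example: check that SELinux contexts survived an rsync -aXHv backup.

# Print "relative-path<TAB>context" for each regular file under directory $1.
# Relies on GNU find's %Z (SELinux context) and %P (path relative to $1).
context_manifest() {
    (cd "$1" && find . -type f -printf '%P\t%Z\n') | LC_ALL=C sort
}

# Compare a source manifest ($1) with a backup manifest ($2).
# Prints MISSING/CHANGED lines (sorted) and returns 1 if any are found.
# Assumes paths contain no tabs or newlines.
compare_manifests() {
    report=$(awk -F '\t' '
        FILENAME == ARGV[1] { src[$1] = $2; next }
        { dst[$1] = $2 }
        END {
            for (p in src) {
                if (!(p in dst))
                    printf "MISSING  %s\n", p
                else if (src[p] != dst[p])
                    printf "CHANGED  %s: %s -> %s\n", p, src[p], dst[p]
            }
        }' "$1" "$2")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report" | LC_ALL=C sort
    return 1
}

# Usage: script SOURCE_DIR BACKUP_DIR  (source tree and its copy on the drive)
if [ "$#" -eq 2 ]; then
    tmp=$(mktemp -d) || exit 2
    context_manifest "$1" > "$tmp/src"
    context_manifest "$2" > "$tmp/dst"
    compare_manifests "$tmp/src" "$tmp/dst"
    rc=$?
    rm -rf "$tmp"
    exit "$rc"
fi
```

A file copied without -X shows up as CHANGED, because it carries whatever default label the target filesystem assigns rather than the source file's context.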