Re: SELinux is preventing /bin/login...access on the file /bin/bash


On 12/12/2011 12:38 PM, Alan Stern wrote:
> On Mon, 12 Dec 2011, David Quigley wrote:
> 
>> It looks like your backup didn't back up the security labels. How
>> did you make the backup?
> 
> Suppose one makes a backup using rsync.  What is the proper way to
>  back up the security labels along with the data?
> 
> I tried using rsync's -X option, which is supposed to preserve
> extended attributes.  All that happened was I got a huge set of
> errors because rsync wasn't allowed to set the security-label
> attribute for the newly created backup files (and this was all
> running as root).
> 
> Alan Stern
> 
I think it is often best to just run a restorecon on a bunch of files
that get restored from an archive rather than storing the security
attributes.  The reason for this is that there is a chance that the
default security label of a file might have changed since you created
the archive.  For example, if you were updating from Fedora 15 to
Fedora 16 and backed up your home directory, restoring the Fedora 15
labels is probably not what you want; you would want to ask the system
how a properly labeled home directory should be and make it so.

restorecon -R -v /home

Would fix all of the attributes in this case.

In certain security sensitive environments you would want the labels
to be stored, but I would figure in most cases people would prefer to
have the labels match what the system expects.

Why rsync was not able to maintain the labels I do not know, but you
probably should have opened a bugzilla.




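Added example, not part of the original message: before relabeling a restored tree with the restorecon command above, a dry run (`restorecon -R -n -v`) can be summarised to see which type transitions the policy would make. The function names, the sample lines (constructed) and the two output formats parsed here ("Would relabel ... from ... to ..." and the older "restorecon reset ... context old->new") are assumptions about the installed policycoreutils version.

```shell
#!/bin/sh
# Summarise restorecon dry-run output as "<count> <old_type> -> <new_type>".
summarize_relabel() {
  awk '
    # Newer format: Would relabel <path> from <old ctx> to <new ctx>
    $1 == "Would" && $2 == "relabel" && $(NF-1) == "to" && $(NF-3) == "from" {
      old = $(NF-2); new = $NF
    }
    # Older format: restorecon reset <path> context <old ctx>-><new ctx>
    $1 == "restorecon" && $2 == "reset" && $(NF-1) == "context" {
      split($NF, pair, "->"); old = pair[1]; new = pair[2]
    }
    old != "" {
      # A context is user:role:type:level, so the type is field 3.
      split(old, o, ":"); split(new, n, ":")
      count[o[3] " -> " n[3]]++
      old = ""; new = ""
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# Dry run over a directory: -n changes nothing, -v lists what would change.
preview_relabel() {
  restorecon -R -n -v "$1" | summarize_relabel
}

# Constructed sample output (not captured from a real system).
SAMPLE='Would relabel /home/demo/.bashrc from system_u:object_r:file_t:s0 to unconfined_u:object_r:user_home_t:s0
Would relabel /home/demo/My Docs/a.txt from system_u:object_r:file_t:s0 to unconfined_u:object_r:user_home_t:s0
Would relabel /home/demo/.ssh from system_u:object_r:file_t:s0 to unconfined_u:object_r:ssh_home_t:s0
restorecon reset /home/demo/bin context system_u:object_r:default_t:s0->system_u:object_r:home_bin_t:s0'

printf '%s\n' "$SAMPLE" | summarize_relabel
```

On a real system, `preview_relabel /home` gives the same summary for the restored tree without changing any label.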