At 10:18 PM -0400 4/23/06, Tony Nelson wrote: >At 8:32 PM -0400 4/20/06, Tony Nelson wrote: >>This is probably only marginally related to SELinux. I'm trying to learn >>how to use dump and restore (via DVD+/-R), and I've gotten it working to >>the point where the files seem to be OK but the SELinux Extended Attributes >>are not. I used the commands (as root, with / being LogVol02): >> >> # mount -r /dev/VolGroup00/LogVol00 /mnt/lv00 >> # dump -0 -L xxx -B 4590208 -f /tmp/dumpdvd /dev/VolGroup00/LogVol00 >> [cdrecord used once per tape, from another terminal] >> # cdrecord -v -sao dev=dvd -data /tmp/dumpdvd >> # restore -C -f /dev/dvd >> >>OK, some of that is superstition, but it works except for about one of >>these messages for each file, and no other errors (according to grep -v): >> >> ./path/to/file: EA foo_x:object_r:bar_y value changed >> >>What am I doing wrong? > >What I'm doing wrong is dumping (on FC5) a volume made with FC3 and then >running restore on FC5. FC5's SELinux activates the 4th component (MLS) of >the Security Context. Getxattr() is returning the 4th component (probably >inventing it), but dump didn't put one in the dump -- looking at the code, >I think that the 4th component must not be on the source disk. > >I found this by groveling through the source for restore, looking at >misleading ls -lZ output, and then calling getxattr() and seeing what it >returned. This would have been easier if ls -lZ showed the same thing that >getxattr() returned, but ls -lZ left off the new MLS stuff. > >Is there a way to set SELinux to allow restore -C to work? > >What would need to be done to restore to get it to cope with this change, >for dumps that don't have MLS being restored on systems that do? Having received no response from this list, the problem is moved to bugzilla: [Bug 189845] New: FC5 SELinux causes miscompares for restore -C https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189845 [ dump-Bugs-1475895 ] FC5 SELinux causes miscompares for restore -C https://sourceforge.net/tracker/?func=detail&atid=101306&aid=1475895&group_id=1306 ____________________________________________________________________ TonyN.:' <mailto:tonynelson@xxxxxxxxxxxxxxxxx> ' <http://www.georgeanelson.com/> -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
