Daniel J Walsh wrote:
> Frank Sweetser wrote:
>> I'm looking at helping to extend the Bacula backup system to handle SELinux
>> file contexts, and I wanted to make sure I'm going down the right path.
>
>> Now as I understand it, the context associated with a file on disk can be
>> retrieved via getfilecon, and set via setfilecon.
>
>> However, on disk, the context is stored as an extended attribute, which are
>> handled via getxattr and setxattr.
>
>> So my question is, is it practical to just use the *xattr functions to backup
>> and restore the file contexts, or do I need to perform an explicit check to
>> see if I'm running on an SELinux system and, if so, use the *filecon functions
>> instead? I'd prefer to use the *xattr functions if at all possible, since
>> that would simplify a lot of cases, such as restoring an SELinux system from a
>> non SELinux aware rescue disk, but want to make sure there aren't any gotchas
>> I'm missing.
>
> I would not make your tool know anything about SELinux. It should just
> back up and restore all extended attributes. SELinux is not the only
> user of xattrs and more tools in the future might use it.
Thanks - that's exactly the answer I was hoping for.
--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Senior Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
