On Fri, 2008-10-03 at 07:33 +0000, Mike wrote:
> I have for many years run backups from laptops on the local LAN to an external
> USB drive attached to the main desktop machine using rsync -aH.
> The main desktop is running F8 with SELinux disabled.
>
> In recent months I upgraded the laptop to F9 with SELinux enabled.
>
> I have just realised that the method I use gives files on the backup drive
> that have no selinux contexts... so in the event of having to rebuild a laptop
> and pulling files off the backup drive the selinux contexts would have to be
> recreated.
>
> I am fairly new to SELinux but I presume that merely adding -X to the rsync
> command would still not produce any contexts on the files that are generated
> on the backup drive since the machine that is processing the rsync at the
> receive end has SELinux disabled.

That is correct. The remote OS does not understand the SELinux contexts, so you will get many errors when you try the -X option.

> At some point the desktop will be upgraded to F9 (and later F10) with SELinux
> enabled - and I am now not sure if attaching the original external USB drive
> unchanged would then still result in files without any security contexts on
> the external drive?

Be careful using two different operating systems with rsync--if the local OS is trying to back up to the remote OS, and the remote OS doesn't know about the contexts on the local OS, you will again have errors.

> If this is the case would I need to label the filesystem on the external drive?
> What is the best route to getting this backup system working to preserve
> security contexts for all files (including system areas such as /var /etc)?

Before it gets too complex, let me just say that you may be able to simply use `restorecon -Rv /etc` to restore contexts to everything in /etc/. This may be the simplest solution. Barring that, the easiest way to get backups with good contexts is to use getfattr to store the current contexts to a file. You will be able to use the file to restore contexts. If you wanted to back up the SELinux attributes for all files/dirs in /etc/, for example, run:

    getfattr -Rdh -m security.selinux /etc > /etc/SELinux-attrs

If you wanted to restore from backup, do the data restore, then run the following:

    cd /
    setfattr -h --restore=/etc/SELinux-attrs

Run `ls -Z /etc/` to verify proper context.

--
Forrest Taylor
Global Learning Services Project Manager III
Cell: 303-913-5169
AIM: forresttaylorred
Red Hat
IRC: forrest
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
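
A way to check the result of the getfattr/setfattr procedure above beyond reading `ls -Z` output (added example, not part of the original message): take a second `getfattr` dump after the restore and compare it with the saved one. The function names and both sample dumps are constructed for illustration.

```python
import base64
import re

def decode_value(raw):
    """Decode a getfattr value: "text" with \\ooo escapes, 0x hex, or 0s base64."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        text = re.sub(r'\\([0-3][0-7]{2})|\\(.)',
                      lambda m: chr(int(m.group(1), 8)) if m.group(1) else m.group(2),
                      raw[1:-1])
        data = text.encode('latin-1')
    elif raw[:2].lower() == '0x':
        data = bytes.fromhex(raw[2:])
    elif raw[:2].lower() == '0s':
        data = base64.b64decode(raw[2:])
    else:
        data = raw.encode()
    # The stored label usually ends in a NUL byte; drop it before comparing.
    return data.rstrip(b'\0').decode()

def parse_dump(dump, attr='security.selinux'):
    """Map path -> context from `getfattr -d` output ("# file:" header, then name=value)."""
    contexts, path = {}, None
    for line in dump.splitlines():
        if line.startswith('# file: '):
            # getfattr strips the leading "/", which is why the restore runs from "/".
            path = line[len('# file: '):]
        elif path is not None and line.startswith(attr + '='):
            contexts[path] = decode_value(line.split('=', 1)[1])
    return contexts

def context_drift(saved, current):
    """Return {path: (saved, current or None)} for labels that are missing or differ."""
    return {p: (ctx, current.get(p)) for p, ctx in saved.items() if current.get(p) != ctx}

# Constructed sample: dump taken before the backup (one value in base64 form).
B64 = base64.b64encode(b'system_u:object_r:net_conf_t:s0\0').decode()
SAVED = ('# file: etc/passwd\nsecurity.selinux="system_u:object_r:etc_t:s0\\000"\n\n'
         '# file: etc/shadow\nsecurity.selinux="system_u:object_r:shadow_t:s0\\000"\n\n'
         '# file: etc/resolv.conf\nsecurity.selinux=0s' + B64 + '\n')
# Constructed sample: dump taken after a data restore that lost or changed labels.
CURRENT = ('# file: etc/passwd\nsecurity.selinux="system_u:object_r:etc_t:s0\\000"\n\n'
           '# file: etc/shadow\nsecurity.selinux="system_u:object_r:etc_t:s0\\000"\n')

if __name__ == '__main__':
    for path, (want, have) in context_drift(parse_dump(SAVED), parse_dump(CURRENT)).items():
        print(f'/{path}: saved {want}, now {have or "no label"}')
```

Any path it reports still needs `setfattr --restore` or `restorecon` before the restored system is trusted; a file such as /etc/shadow carrying a generic label is exactly the kind of drift this catches.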