Forrest Taylor <ftaylor <at> redhat.com> writes:

> That is correct. The remote OS does not understand the SELinux
> contexts, so you will get many errors when you try the -X option.

OK, I have now run some tests to verify that the backup scheme I had originally hoped would work does indeed work as planned.

I have a pre-existing USB drive formatted ext3 that I have been regularly using on a main machine running SELinux disabled as a central backup store for the main directories for several machines on my LAN for some years. This disk contains backups for about half a dozen computers in the local network and I would rather not have to recreate all the files but use the same drive for SELinux enabled machines as I transition to the main machine being SELinux enabled.

In order to test viability using the same drive as a backup drive under SELinux I plugged this disk into a laptop USB port directly. The laptop is running F9 with SELinux enabled and fully up to date. The drive plugs in and automagically opens a window in the desktop under Gnome showing the directories in the drive (in this case just one, /media/usbdisc3/BACKUPS, and the machine subdirectories are within the BACKUPS directory). The disk is labelled as usbdisc3 so appears as /media/usbdisc3.

I then made a new directory at the top level of this drive called test. As a first test I copied the file /etc/resolv to this drive from this machine using the simple command as root:

# rsync -aXHv /etc/resolv.conf /media/usbdisc3/test/

Then I unmounted the USB drive and plugged it back in from cold.

The crucial test was to check the file permissions and contexts which appeared as in the output below:

[mike@lapmike2 ~]$ ll -Z /media/usbdisc3/test/
-rw-r--r--  root root system_u:object_r:net_conf_t:s0  resolv.conf

Checking the original file gave:

[mike@lapmike2 ~]$ ll -Z /etc/resolv.conf
-rw-r--r--  root root system_u:object_r:net_conf_t:s0  /etc/resolv.conf

We can see that the permissions, ownership and security contexts have been preserved in the rsync transfer.

Then I booted up a second machine also running F9 with SELinux enabled and on that machine did as root:

# rsync -aXHv -e ssh /etc/hosts lapmike2w:/media/usbdisc3/test/

Checking the original file details gave:

[mike@lapmike3 ~]$ ll -Z /etc/hosts
-rw-r--r--  root root system_u:object_r:etc_t:s0       /etc/hosts

and on the machine on which the backup file now resides we can check the newly created file:

[mike@lapmike2 ~]$ ll -Z /media/usbdisc3/test/
-rw-r--r--  root root system_u:object_r:etc_t:s0       hosts
-rw-r--r--  root root system_u:object_r:net_conf_t:s0  resolv.conf

So we see that all the file attributes have been copied across correctly, and a restore of these files with their extended attributes can be made using rsync -aXHv from the backup drive onto any machine as desired.

So this works nicely and the original drive does not need to be reformatted, nor the file system re-created. Running a backup overwriting the original one with no security contexts works fine.
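
The check made by eye in the message above (source listing against backup listing), as an added example that is not part of the original message. The helper name compare_listings and the mismatching backup listing are constructed for illustration; the matching listings are the ones quoted in the message.

```shell
#!/bin/sh
# Added example (not from the original message). compare_listings is a
# hypothetical helper name. It expects the five-column `ll -Z` layout shown in
# the message: mode, owner, group, context, path (no spaces in file names).

# Listings quoted in the message.
SRC_LISTING='-rw-r--r-- root root system_u:object_r:net_conf_t:s0 /etc/resolv.conf
-rw-r--r-- root root system_u:object_r:etc_t:s0 /etc/hosts'
BACKUP_LISTING='-rw-r--r-- root root system_u:object_r:etc_t:s0 hosts
-rw-r--r-- root root system_u:object_r:net_conf_t:s0 resolv.conf'
# Constructed failure case: hosts carries a different label, resolv.conf is absent.
BAD_BACKUP='-rw-r--r-- root root system_u:object_r:file_t:s0 hosts'

# Print one line per source file that is missing from the backup or whose
# mode, owner, group or context differs. No output means everything matches.
compare_listings() {
  {
    printf '%s\n' "$1" | sed 's/^/S /'
    printf '%s\n' "$2" | sed 's/^/B /'
  } | awk '
    NF >= 6 {
      n = split($6, parts, "/"); name = parts[n]      # key on the base name
      attrs = $2 " " $3 " " $4 " " $5
      if ($1 == "S") src[name] = attrs; else bak[name] = attrs
    }
    END {
      for (name in src) {
        if (!(name in bak))
          print name ": missing from backup"
        else if (src[name] != bak[name])
          print name ": source [" src[name] "] backup [" bak[name] "]"
      }
    }' | sort
}

echo "listings from the message:"
compare_listings "$SRC_LISTING" "$BACKUP_LISTING"
echo "constructed mismatch:"
compare_listings "$SRC_LISTING" "$BAD_BACKUP"
```

Other versions of ls print different columns with -Z, so the awk field numbers need adjusting to the layout actually produced.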