On Wed, Aug 12, 2009 at 9:36 PM, Daniel J Walsh<dwalsh@xxxxxxxxxx> wrote: > On 08/11/2009 05:30 PM, Mike Cloaked wrote: >> >> >> >> Mike Cloaked wrote: >>> >>> >>> Machines on the LAN have been running backups across the network using an >>> rsync command within a script which essentially does: >>> rsync --delete -aXH --exclude blah /opt >>> home1:/media/usbdrive/BACKUPS/myhostname >>> and similar for other directories. >>> >>> This has worked fine until I installed F11 on some of the machines in the >>> LAN, with ext4 filesystems on them. >>> >>> Trying the same thing in this case gave AVC denials on the machine >>> (running F10) to which the the external usb drive was attached (and with >>> an ext3 filesystem to take the backups) >>> >>> The AVC contained: >>> Summary >>> SELinux is preventing rsync (unconfined_t) "mac_admin" unconfined_t. >>> >>> >> >> I wonder if this is related to >> https://bugzilla.redhat.com/show_bug.cgi?id=510649 > Yes you are trying to put F11 labels on an F10 box. Just setup rsync to not maintain labels. > You mean use flags -aH and not -AXH ? I suppose that not putting labels onto the backup will then mean that restoring (if it became necessary) from the backup stored on the F10 box would then generate labels on the F11 box being restored that are correct according to current policy for F11 if I use rsync -aH during the restore process. Presumably labels of some kind will be generated on the backup drive on the F10 machine but would not be related to the labels on the originals. Is this how others do backups? How would this differ if rdiff-backup was used instead? Since rdiff-backup is rsync based presumably the same thinking applies? -- mike -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
