Mail Lists-3 wrote: > > > Cant speak for others but I do not backup selinux labels. I cannot > speak to other attributes or ACL's. > > I think of selinux labels as belonging to the host server policy not > the backup machine - so the policy in my mind comes from the target > where the backups would be restored to. > > So, if you backed up /home/cloaked/foo and restored it to > bing:/home/cloaked/foo then I would expect the labels to come from the > policy on bing - whether or not the backup was made from bing or > somewhere else. > > > >> > How would this differ if rdiff-backup was used instead? Since >> > rdiff-backup is rsync based .... > > Dunno - I kind of thought rdiff-backup had better extended attribute > handling than rsync itself and its my preferred tool anyway. > > gene/ > > Generally true - but one situation I found the backup done my way that I liked, to include labels, was when transitioning from F10 to F11 where I had specific labels on some files in /opt to avoid avc denials in F10. In order to move to F11 with ext4 what I did was to create a backup on the external drive and included the original labelling for F10, for the entire /opt structure. Then when I installed F11, I allowed the installer to format both / and /opt with ext4. Then once the install was completed I restored the /opt backup to the new /opt partition for F11 including the old F10 labels, and was able to progress using the files with their old contexts apart from an occasional need to change a context. Presumably had I restored using rsync -aH only then the file contexts would have been made according to the F11 current policy and not been a generic "file_t". Some instances would certainly not have worked such as a mail spool area on /opt that would not have been given their correct mail related contexts after the restore - although I don't know if the mail spool area, once bind mounted onto the root directory mail spool, would then get their correct contexts if I used a restorecon command on the mail spool at that time? I don't know if the same also would then apply to user areas residing on the /opt/Local/home directory? Again initially the files would have incorrect contexts restoring using rsync -aH and again once bind mounted to /home would restorecon put the correct labels back? -- View this message in context: http://www.nabble.com/rsync-as-backup-from-f11-to-F10---issues-tp24925988p24951776.html Sent from the Fedora SELinux List mailing list archive at Nabble.com. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
