Re: rsync as backup from f11 to F10 - issues

On 13/08/09 10:26, Mike Cloaked wrote:


Mail Lists-3 wrote:

    Can't speak for others but I do not backup selinux labels. I cannot
speak to other attributes or ACLs.

   I think of selinux labels as belonging to the host server policy not
the backup machine - so the policy in my mind comes from the target
where the backups would be restored to.

   So, if you backed up /home/cloaked/foo and restored it to
bing:/home/cloaked/foo then I would expect the labels to come from the
policy on bing - whether or not the backup was made from bing or
somewhere else.



How would this differ if rdiff-backup was used instead?  Since
rdiff-backup is rsync based ....
   Dunno - I kind of thought rdiff-backup had better extended attribute
handling than rsync itself and it's my preferred tool anyway.

  gene/



Generally true - but one situation I found the backup done my way that I
liked, to include labels, was when transitioning from F10 to F11 where I had
specific labels on some files in /opt to avoid avc denials in F10.

In order to move to F11 with ext4 what I did was to create a backup on the
external drive and included the original labelling for F10, for the entire
/opt structure.  Then when I installed F11, I allowed the installer to
format both / and /opt with ext4.  Then once the install was completed I
restored the /opt backup to the new /opt partition for F11 including the old
F10 labels, and was able to progress using the files with their old contexts
apart from an occasional need to change a context.

Presumably had I restored using rsync -aH only then the file contexts would
have been made according to the F11 current policy and not been a generic
"file_t".  Some instances would certainly not have worked such as a mail
spool area on /opt that would not have been given their correct mail related
contexts after the restore - although I don't know if the mail spool area,
once bind mounted onto the root directory mail spool, would then get their
correct contexts if I used a restorecon command on the mail spool at that
time?

I don't know if the same also would then apply to user areas residing on the
/opt/Local/home directory? Again initially the files would have incorrect
contexts restoring using rsync -aH and again once bind mounted to /home
would restorecon put the correct labels back?

You'll like this:
http://danwalsh.livejournal.com/27571.html

Paul.


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
