I run rsync to back up my Fedora rawhide system onto a USB hard drive:

    rsync --archive --recursive --acls --xattrs --delete \
        --exclude='/selinux' --exclude='/lost+found/*' --exclude='/dev/*' \
        --exclude='/media/*' --exclude='/proc/*' --exclude='/sys/*' \
        --exclude='*/.gvfs' --exclude='/mnt/disk*/*' \
        --stats / /media/Backup1

'/media/Backup1' is mounted on an ext4 file system.

Two (fuse) mounted ntfs-3g file systems (/mnt/windows and /mnt/music) are backed up with this as well.

The ntfs-3g file systems project SELinux labels of fuse_t:

    [root@tlondon temp]# ls -lZ /mnt/windows/temp
    -rwxrwxrwx root root system_u:object_r:fusefs_t:s0 setup.log
    [root@tlondon temp]#

But they "really" have no attributes:

    [root@tlondon temp]# getfattr /mnt/windows/temp/*
    getfattr: /mnt/windows/temp/setup.log: Operation not supported
    [root@tlondon temp]#

When I run the above rsync command, I get error spew from rsync complaining about failures trying to remove 'security.selinux' attributes from the destination copies of files from the ntfs-3g file systems:

    rsync: rsync_xal_clear: lremovexattr("mnt/windows/WINDOWS/twain_32/wiatwain.ds","security.selinux") failed: Permission denied (13)
    rsync: rsync_xal_clear: lremovexattr("mnt/windows/temp","security.selinux") failed: Permission denied (13)
    rsync: rsync_xal_clear: lremovexattr("mnt/windows/temp/setup.log","security.selinux") failed: Permission denied (13)

Seems that rsync is trying to 'match' the attributes on the destination to 'match' those from the source. In this case, the source files have no attributes.

So, what should the behavior be (in this case) when rsync-ing files from a file system not supporting attributes to one that does?

Seems wrong to me to allow rsync to remove the 'security.selinux' attributes (as it is attempting but failing now), leaving unlabelled files on the destination file system.

This could be the code at issue:

    static int rsync_xal_set(const char *fname, item_list *xalp,
                             const char *fnamecmp, stat_x *sxp)
    {
    <<<<<SNIP>>>>>
            /* Remove any extraneous names. */
            for (name = namebuf; list_len > 0; name += name_len) {
                    name_len = strlen(name) + 1;
                    list_len -= name_len;

    #ifdef HAVE_LINUX_XATTRS
                    /* We always ignore the system namespace, and non-root
                     * ignores everything but the user namespace. */
                    if (am_root ? HAS_PREFIX(name, SYSTEM_PREFIX)
                                : !HAS_PREFIX(name, USER_PREFIX))
                            continue;
    #endif

A simple patch could include checking for "SECURITY_PREFIX" in the 'am_root' leg, but is that correct?

What about other kinds of attributes (e.g., "Trusted extended attributes")? Should they be handled this way?

I've BZ'd this here: https://bugzilla.redhat.com/show_bug.cgi?id=461486

Thoughts/wisdom?

thanks,
tom
--
Tom London

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
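
A small model of the name filter quoted in the message, added here as an illustration (not rsync's code and not part of the original message): it walks a constructed llistxattr()-style name list and counts which names the removal loop would hand to lremovexattr(), with the filter as quoted and with a hypothetical extra check for the security. prefix. The macro definitions, skip_name, count_removals, keep_security and the sample names are assumptions of this example, and the source file is assumed to carry no xattrs.

```c
#include <stdio.h>
#include <string.h>

/* Local to this example; values are the Linux xattr namespace prefixes. */
#define USER_PREFIX     "user."
#define SYSTEM_PREFIX   "system."
#define SECURITY_PREFIX "security."
#define HAS_PREFIX(s, p) (strncmp((s), (p), sizeof(p) - 1) == 0)

/* 1 if the removal loop leaves this name alone. keep_security=0: filter as
 * quoted; keep_security=1: hypothetical variant, root also skips security.* */
static int skip_name(const char *name, int am_root, int keep_security)
{
    if (!am_root)
        return !HAS_PREFIX(name, USER_PREFIX);
    if (HAS_PREFIX(name, SYSTEM_PREFIX))
        return 1;
    return keep_security && HAS_PREFIX(name, SECURITY_PREFIX);
}

/* Walk a llistxattr()-style buffer (NUL-terminated names back to back).
 * Assumes the source has no xattrs, so every name not skipped is extraneous. */
static int count_removals(const char *namebuf, long list_len,
                          int am_root, int keep_security)
{
    const char *name;
    size_t name_len;
    int removed = 0;
    for (name = namebuf; list_len > 0; name += name_len) {
        name_len = strlen(name) + 1;
        list_len -= (long)name_len;
        if (skip_name(name, am_root, keep_security))
            continue;
        printf("  would remove %s\n", name);
        removed++;
    }
    return removed;
}

/* Constructed sample: xattr names on one destination file. */
static const char dest[] =
    "security.selinux\0system.posix_acl_access\0trusted.example\0user.comment";

int main(void)
{
    printf("as quoted: %d\n", count_removals(dest, sizeof(dest), 1, 0));
    printf("security.* kept: %d\n", count_removals(dest, sizeof(dest), 1, 1));
    return 0;
}
```

With the security. check in the root leg, the trusted. name is still treated as extraneous, which is the open question the message raises about other namespaces.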