Re: [rdiff-backup-users] How to back up SELinux contexts?

[Ben Escoto]

>>>>> Troels Arvin <address@hidden>
>>>>> wrote the following on Wed, 25 Jan 2006 16:56:39 +0100
>
> So something "fishy" is going on; probably a strange interaction between
> SELinux and the "normal" was of obtaining file extended attributes. It
> even seems that two different types of file extended attributes exist:
> user extended attributes, and system extended attributes. Hmm.

Yes, this is correct, sometimes (when I'm being more careful) I say that
rdiff-backup supports user extended attributes.  ACLs are stored as
extended attributes also, but supporting them didn't come automatically
with EA support...

I was hoping that the ACL support would cover the selinux stuff.  I'm
pretty ignorant of selinux so if the selinux stuff doesn't count as ACLs
I'm not sure how to add support.

> I'm thinking: rdiff-backup could probably somehow be modified to obtain
> SELinux security contexts. Gentoo seems to have a python-selinux package,
> but I can't find it elsewhere. If I find out which c library has
> getxattr()/lgetxattr(): Is it possible for rdiff-backup to issue c library
> functions, without having a python-selinux layer installed?

selinux may show up under getxattr, but I don't think it's possible to
write them with setfattr (as you saw).  Having read-only selinux support
would be pretty pointless, so someone needs to find out how to create
those selinux things.

rdiff-backup contains some C code, so it can call C functions.  I'm not
really a C guy though, so I prefer to rely on existing wrapper modules
where they exist.


-- 
Ben Escoto

pgpe2pCHB4eA_.pgp
Description: PGP signature