rdiff-backup-users
[rdiff-backup-users] How to back up SELinux contexts?


From: Troels Arvin
Subject: [rdiff-backup-users] How to back up SELinux contexts?
Date: Wed, 25 Jan 2006 16:56:39 +0100
User-agent: Pan/0.14.2 (This is not a psychotic episode. It's a cleansing moment of clarity.)

Hello,

I'm backing up a Red Hat Enterprise Linux 4 with enabled SELinux support.
It seems that SELinux "security contexts" for files aren't backed up by
rdiff-backup.

I thought that SELinux's security contexts were implemented by extended
attributes (and that rdiff-backup would therefore be able to record them),
but - well, rdiff-backup doesn't seem to store them, even when doing
filesystem-to-filesystem backups on the same file system (no network
in-between).

The file system is ext3, and the "Filesystem features" row of tune2fs
output claims "ext_attr" (among other things). However, strangely, this
doesn't work:

cd /var/test
touch foo
setfattr -u bar -v baz foo

Error message: "setfattr: foo: Operation not supported".

And "getfattr foo" simply shows nothing for the file.

However, "ls -lZ foo" yields:
-rw-r--r-- root root root:object_r:var_lib_t foo
- so the file certainly has a security context.

strace'ing on "ls -lZ foo" shows calls to getxattr and lgetxattr (can't
find any man pages on these functions).

So something "fishy" is going on; probably a strange interaction between
SELinux and the "normal" way of obtaining file extended attributes. It
even seems that two different types of file extended attributes exist:
user extended attributes, and system extended attributes. Hmm.

I'm thinking: rdiff-backup could probably somehow be modified to obtain
SELinux security contexts. Gentoo seems to have a python-selinux package,
but I can't find it elsewhere. If I find out which C library has
getxattr()/lgetxattr(): Is it possible for rdiff-backup to issue C library
functions, without having a python-selinux layer installed?

-- 
Greetings from Troels Arvin
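
An added example, not part of the original message and not rdiff-backup code: reading the SELinux label straight from the `security.selinux` extended attribute, without any SELinux binding. It assumes a modern Python 3 on Linux, where `os.getxattr` wraps the C library call; the function names are hypothetical.

```python
import errno
import os

SELINUX_XATTR = "security.selinux"  # xattr in the security namespace holding the label


def split_namespace(name):
    """Split an xattr name into (namespace, key), e.g. user.* or security.*."""
    namespace, dot, key = name.partition(".")
    if not dot or not namespace or not key:
        raise ValueError("xattr name needs a namespace prefix: %r" % name)
    return namespace, key


def parse_context(raw):
    """Turn the raw xattr bytes into user/role/type (and range, if present)."""
    fields = raw.rstrip(b"\0").decode("ascii").split(":", 3)
    if len(fields) < 3:
        raise ValueError("not an SELinux context: %r" % raw)
    return dict(zip(("user", "role", "type", "range"), fields))


def read_context(path, getxattr=getattr(os, "getxattr", None)):
    """Return the parsed label of path, or None when the file has none."""
    try:
        # follow_symlinks=False gives lgetxattr() behaviour: the link's own label
        raw = getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None  # no label stored, or no xattr support on this filesystem
        raise
    return parse_context(raw)


def snapshot(root, reader=read_context):
    """Map every path under root to its context, as a backup would record it."""
    labels = {root: reader(root)}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            labels[path] = reader(path)
    return labels
```
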





