
[rdiff-backup-users] Re: Re: How to back up SELinux contexts?


From: Troels Arvin
Subject: [rdiff-backup-users] Re: Re: How to back up SELinux contexts?
Date: Mon, 30 Jan 2006 08:11:11 +0100
User-agent: Pan/0.14.2 (This is not a psychotic episode. It's a cleansing moment of clarity.)

On Fri, 27 Jan 2006 12:15:54 -0800, dean gaudet wrote:
>> dumb selinux question... does rdiff-backup have permissions to read all
>> the attributes?  i assume selinux has some way of controlling that...

root can read the contexts, e.g. with "ls -lZ" (note the Z); I don't know
exactly how it's done (behind the scenes).

> also further dumb selinux question... i wonder if rdiff-backup's
> filesystem capabilities detection code is getting errors because selinux
> is preventing it from testing extended attributes... you might try
> running with a -vN for some N>4 to get more verbose logging.

"rdiff-backup -v 4 /var/lib/rpm /root/test/rpm" yields:
=================================================================
ACLs not supported by filesystem at /var/lib/rpm
-----------------------------------------------------------------
Detected abilities for source (read only) file system:
  Access control lists                         Off
  Extended attributes                          On
  Mac OS X style resource forks                Off
  Mac OS X Finder information                  Off
-----------------------------------------------------------------
Extended attributes not supported by filesystem at 
test/rpm/rdiff-backup-data/rdiff-backup.tmp.0
ACLs not supported by filesystem at 
test/rpm/rdiff-backup-data/rdiff-backup.tmp.0
-----------------------------------------------------------------
Detected abilities for destination (read/write) file system:
  Characters needing quoting                   ''
  Ownership changing                           On
  Hard linking                                 On
  fsync() directories                          On
  Directory inc permissions                    On
  High-bit permissions                         On
  Access control lists                         Off
  Extended attributes                          Off
  Mac OS X style resource forks                Off
  Mac OS X Finder information                  Off
-----------------------------------------------------------------
Starting mirror /var/lib/rpm to test/rpm
=================================================================

In this test, I'm backing up on the same system (and even on the same file
system), as root. I'm not 100% sure of what the file system _really_
permits, but it's strange that the value of "Extended attributes" differs.
And I find it strange that ACLs aren't seen as supported, but I'll have to
look closer into it (it could be that I need to do something to turn them
on).

> and for restores it would certainly need to be able to recreate all
> selinux attributes -- a privilege level which is almost certainly not
> the default for all binaries even when run as root...

Well, I can easily use the "chcon" utility as root, so nothing should
prevent the same kind of operation when restoring. But at this point, I'm
mostly interested in finding out why rdiff-backup isn't recording the
security context values in the metadata database.

-- 
Greetings from Troels Arvin
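
Added example, not part of the original message and not rdiff-backup code: SELinux keeps a file's context in the "security.selinux" extended attribute, which is what "ls -Z" displays, so the source and destination can be checked independently of rdiff-backup's own capability detection. The script assumes Linux and Python 3; the probe attribute name "user.xattr_probe" is made up for this example.

```python
import os
import sys
import tempfile

SELINUX_XATTR = "security.selinux"  # xattr where the kernel keeps a file's label
UNAVAILABLE = (OSError, AttributeError)  # AttributeError: non-Linux Python


def read_context(path):
    """Return path's SELinux context string, or None if it cannot be read."""
    try:
        raw = os.getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except UNAVAILABLE:  # e.g. ENODATA (unlabeled), ENOTSUP, EACCES, ENOENT
        return None
    return raw.rstrip(b"\0").decode("utf-8", "replace")


def parse_context(context):
    """Split 'user:role:type[:level]'; an MLS level may itself contain ':'."""
    parts = context.split(":", 3)
    if len(parts) < 3 or not all(parts):
        raise ValueError("not an SELinux context: %r" % context)
    return dict(zip(("user", "role", "type", "level"), parts))


def can_store_xattr(directory, name="user.xattr_probe"):
    """Set and read back a throwaway xattr on a scratch file in directory."""
    fd, scratch = tempfile.mkstemp(dir=directory)
    os.close(fd)
    try:
        os.setxattr(scratch, name, b"probe")
        return os.getxattr(scratch, name) == b"probe"
    except UNAVAILABLE:
        return False
    finally:
        os.unlink(scratch)


def report(source, destination):
    """What is readable on the source and storable on the destination."""
    try:
        names = sorted(os.listxattr(source, follow_symlinks=False))
    except UNAVAILABLE:
        names = []
    return {"source_context": read_context(source), "source_xattrs": names,
            "destination_user_xattrs": can_store_xattr(destination)}


if __name__ == "__main__" and len(sys.argv) == 3:
    print(report(sys.argv[1], sys.argv[2]))
```

Run as root with the source and destination directories as the two arguments; a source_context of None means the label could not be read through the xattr interface at all.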





