Best way to copy /usr to different partition?

Stephen Smalley sds at tycho.nsa.gov
Fri Dec 7 20:40:21 UTC 2007


On Fri, 2007-12-07 at 11:12 -0800, Daniel B. Thurman wrote:
> Daniel B. Thurman wrote:
> 
> >Sent: Thursday, December 06, 2007 7:31 PM
> >To: Fedora-List (E-mail)
> >Subject: Best way to copy /usr to different partition?
> >
> >I was getting dangerously close to running out of disk space
> >since /usr was filling up fast.
> >
> >I thought it was simple to tar-copy /usr to a different drive/partition
> >using tar copy such as:
> >
> >(cd /usr; tar cpf - .) | (cd /newpartition; tar xpf -)
> >
> >I tar copied the contents of /usr into my new drive/partition
> >and I changed the partition label to /usr, updated my
> >/etc/fstab file, renamed my /usr to /usr-b, created
> >an empty directory /usr, chmod it to 775, mounted
> >/usr - and it all looked fine.  I then unmounted /usr,
> >and then rebooted.
> >
> >The reboot reported that there was a problem with
> >the two library files: somelibfile.so.1 and somelibfile.so.2
> >and then gnome came up with user/password screen.
> >
> >I logged in as a normal user, and after that point, a
> >black screen came up with the gnome-X-cursor and
> >then stopped.  Nothing worked at this point.
> >
> >I then rebooted using rescue CD, and examined the
> >messages log file and it appears that selinux reported
> >all sorts of AVC denied over /usr and other non-system
> >mounted filesystems.
> >
> >Clearly, it seems that selinux is having problems.
> >
> >I suppose I can reboot setting the selinux = 0 and then
> >begin the task of somehow repairing selinux tags in all
> >of my files?  Does this make any sense?
> >
> >Anyone have a better solution?
> >
> >I could reverse the /usr process and rename /usr-b
> >and comment out the /usr from my fstab, but I wanted
> >some input from members in this forum before attempting
> >to do that - I would end up back to my original disk-space
> >problem.
> >
> >Any advice?
> >
> 
> Ok, I have booted into rescue CD, and performed these steps:
> 
> 1) (cd /usr-b; tar -cp --xattrs -f - .) | (cd /usr; tar -xp --xattrs -f -)
> 2) touch /.relabel

That should be 'touch /.autorelabel'.

Or pass 'autorelabel' as an argument on the kernel command line at boot.

> 3) reboot
> 
> And I was able to get back into GDM and to log in as a normal
> user using the login screen, however the boot processes did
> report errors and the messages log as well:
> 
> 1)  restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf)
> 2)  SELINUX: avc denied {search } comm="ifconfig" name="lib"   (7 times)
> 3)  SELINUX: avc denied {read}    comm="mount"    name="locale-archive"
> 4)  SELINUX: avc denied {read}    comm="mount"    name="locale-alias"
> 5)  SELINUX: avc denied {search}  comm="dmesg"    name="lib"   (7 times)
> 6)  SELINUX: avc denied {search}  comm="dmesg"    name="share"
> 7)  SELINUX: avc denied {search}  comm="kudzu"    name="lib"   (7 times)
> 8)  SELINUX: avc denied {search}  comm="kudzu"    name="share" (5 times)
> 9)  SELINUX: avc denied {search}  comm="arping"   name="lib"   (16 times)
> 10) SELINUX: avc denied {getattr} comm="arping"   name="/usr/lib"
> 11) arping: libsysfs.so.1 and libsysfs.so.2
> 
> Note: most of these files have default_t assigned to these files... and
> it says that for "arping", it needs to have netutils_t assigned.
> 
> It seems to me that the only files I need to worry about are the above
> libsysfs.so.1/2, which need to be relabeled, and I am not sure what to do about
> the /etc/resolv.conf file.
> 
> Can anyone advise what I can do at this point?
> 
-- 
Stephen Smalley
National Security Agency
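
Added example, not part of the original message: a way to tell denials caused by lost file labels (targets left as default_t, file_t or unlabeled_t after a copy, as reported in this thread) apart from genuine policy denials. The function names and the full-format AVC lines are constructed for illustration; the thread itself shows only abbreviated log lines.

```shell
#!/bin/sh
# Flag AVC denials whose *target* carries a fallback label, which points to
# files copied or created without their security.selinux xattr.

# Constructed sample lines (not taken from the poster's system).
sample_avc_log() {
cat <<'EOF'
kernel: audit(1197056421.101:3): avc:  denied  { search } for  pid=612 comm="ifconfig" name="lib" dev=sdb1 ino=2 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
kernel: audit(1197056421.105:4): avc:  denied  { search } for  pid=613 comm="ifconfig" name="lib" dev=sdb1 ino=2 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
kernel: audit(1197056422.210:5): avc:  denied  { read } for  pid=620 comm="mount" name="locale-archive" dev=sdb1 ino=77 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
kernel: audit(1197056423.300:6): avc:  denied  { getattr } for  pid=700 comm="arping" path="/usr/lib" dev=sdb1 ino=2 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
kernel: audit(1197056424.400:7): avc:  denied  { read } for  pid=810 comm="httpd" name="shadow" dev=sda1 ino=9 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
EOF
}

# Reads log lines on stdin; prints "count comm name tclass target_type".
mislabeled_targets() {
    LC_ALL=C awk '
    /avc:/ && /denied/ {
        comm = name = tctx = tclass = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     comm   = substr($i, 6)
            if ($i ~ /^name=/)     name   = substr($i, 6)
            if ($i ~ /^path=/)     name   = substr($i, 6)
            if ($i ~ /^tcontext=/) tctx   = substr($i, 10)
            if ($i ~ /^tclass=/)   tclass = substr($i, 8)
        }
        gsub(/"/, "", comm); gsub(/"/, "", name)
        # A context is user:role:type[:level]; the type is the third part.
        if (split(tctx, part, ":") < 3) next
        ttype = part[3]
        if (ttype == "default_t" || ttype == "file_t" || ttype == "unlabeled_t")
            seen[comm " " name " " tclass " " ttype]++
    }
    END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k2
}

sample_avc_log | mislabeled_targets
```

Denials listed by this summary are addressed by relabeling (`restorecon -R /usr`, or `touch /.autorelabel` and a reboot) rather than by changing policy; the httpd line in the sample is left out because its target already has a specific type.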



