Best way to copy /usr to different partition?

Stephen Smalley sds at tycho.nsa.gov
Fri Dec 7 21:16:39 UTC 2007 

On Fri, 2007-12-07 at 12:35 -0800, Daniel B. Thurman wrote:
> Tony Nelson wrote:
> >Sent: Friday, December 07, 2007 8:43 AM
> >To: fedora-list at redhat.com
> >Subject: Re: Best way to copy /usr to different partition?
> >
> >
> >At 10:43 PM -0500 12/6/07, Kevin J. Cummings wrote:
> >>Daniel B. Thurman wrote:
> >>> I was getting dangerously close to running out of disk space
> >>> since /usr was filling up fast.
> >>>
> >>> I thought it was simple to tar-copy /usr to a different 
> >drive/partiton
> >>> using tar copy such as:
> >>>
> >>> (cd /usr; tar cpf - .) | (cd /newpartition; tar xpf -)
> >>
> >>using tar doesn't copy the extended attributes used by SELinux. ...
> > ...
> >
> >`man tar` shows the --xattrs and --no-xattrs options (though 
> >`man tar` and
> >`info tar` don't say what the default is), so tar should work 
> >for EAs if
> >used with --xattrs.
> >-- 
> >____________________________________________________________________
> >TonyN.:'                       <mailto:tonynelson at georgeanelson.com>
> >      '                              <http://www.georgeanelson.com/>
> >
> >-- 
> 
> I have discovered that using:
> 
> (cd /usr-b; tar -cp -xattrs -f - .) | (cd /usr; tar -xp --xattrs -f -)

That's a bug - bugzilla it.  Should work with --xattrs or --selinux.

> OR
> (cd /usr; cp -pR /usr-b/. .)

Use cp -a; cp -p only deals with DAC perms.

> did not preserve the selinux attributes.
> 
> I have checked the attributes in /usr-b/lib/libsysfs* and
> it has lib_t assigned to these files against the copied files
> /usr/lib/libsysfs* and it shows default_t instead of lib_t.
> 
> This may mean that my entire /usr filesystem has improper
> selinux attributes.
> 
> Can someone tell me how to copy the files from my original
> /usr-b filesystem to /usr filesystem with the selinux attributes
> intact?

star is supposed to know how to handle xattrs.
tar was patched in F8 but something seems amiss there.
cp has support.
Or you can just copy however you please and then perform a relabel,
either by running fixfiles relabel manually or by touch /.autorelabel
and reboot.

-- 
Stephen Smalley
National Security Agency

More information about the fedora-list mailing list