SELinux - a question about external drive after upgrade

Mike mike.cloaked at gmail.com
Mon Oct 6 19:39:18 UTC 2008


Daniel J Walsh <dwalsh <at> redhat.com> writes:

> Yes that should work

OK I have now conducted some tests that confirm that this scheme does work.

I have a pre-existing USB drive formatted ext3 that I have been
regularly using on a main machine as a central backup store for the
main directories for several machines on my LAN for some years.
This disk contains backups for several computers in the
local network, and I would rather not have to recreate all the files
but use the same drive for SELinux enabled machines as I transition to
the main machine being SELinux enabled.

In order to test viability using the same drive as a backup drive
under SELinux I plugged this disk into a laptop USB port directly.
The laptop is running F9 with SELinux enabled and fully up to date.

The drive plugs in and automagically opens a window in the desktop
under gnome showing the directories in the drive (in this case just
one /media/usbdisc3/BACKUPS, and the machine subdirectories are within
the BACKUPS directory).
The disk is labelled as usbdisc3 so appears as /media/usbdisc3
I then made a directory at the top level of this drive called "test".

As a first test I copied the file /etc/resolv.conf to this drive from this
machine using the simple command as root:
# rsync -aXHv /etc/resolv.conf /media/usbdisc3/test/

Then I umounted the USB drive and plugged it back in from cold.

The crucial test was to check the file permissions and contexts which
appeared as in the output below:
[mike@lapmike2 ~]$ ll -Z /media/usbdisc3/test/
-rw-r--r--  root root system_u:object_r:net_conf_t:s0  resolv.conf

checking the original file gave:
[mike@lapmike2 ~]$ ll -Z /etc/resolv.conf
-rw-r--r--  root root system_u:object_r:net_conf_t:s0  /etc/resolv.conf

We can see that the permissions, ownership and security contexts have
been preserved in the rsync transfer.

Then I booted up a second machine also running F9 with SELinux enabled
and on that machine did as root:
# rsync -aXHv -e ssh /etc/hosts lapmike2w:/media/usbdisc3/test/

Checking the original file details gave:
[mike@lapmike3 ~]$ ll -Z /etc/hosts
-rw-r--r--  root root system_u:object_r:etc_t:s0       /etc/hosts

and on the machine on which the backup file now resides we can check
the newly created file:
[mike@lapmike2 ~]$ ll -Z /media/usbdisc3/test/
-rw-r--r--  root root system_u:object_r:etc_t:s0       hosts
-rw-r--r--  root root system_u:object_r:net_conf_t:s0  resolv.conf

So we see that all the file attributes have been copied across
correctly, and a restore of these files with their extended attributes
can be made using rsync -aXHv from the backup drive onto any machine
as desired.

So this works nicely and the original drive does not need to be
reformatted, nor the file system re-created. Running a backup
overwriting the original one with no security contexts works fine.
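
The by-eye "ll -Z" comparison above can be scripted for a whole backup tree.
This is an added example, not part of the original post: the function names
ctx_manifest, ctx_diff and demo are hypothetical, GNU find is assumed, and the
sample manifests are constructed (the file_t label and the fstab entry are
made up).

```shell
#!/bin/sh
# Added example, not from the original post.

# Write "context<TAB>relative-path" for every regular file under directory $1.
# %Z is GNU find's SELinux security-context directive; %P is the path
# relative to the starting directory.
ctx_manifest() {
    find "$1" -type f -printf '%Z\t%P\n'
}

# Compare a source manifest ($1) with a backup manifest ($2).
# Prints MISSING / MISMATCH lines and returns 1 if any source file is absent
# from the backup or carries a different context there; returns 0 otherwise.
# Extra files on the backup side (other machines' backups) are ignored.
ctx_diff() {
    _diff=$(awk -F'\t' '
        side == "src" { src[$2] = $1; next }
                      { dst[$2] = $1 }
        END {
            for (p in src) {
                if (!(p in dst))           print "MISSING\t" p
                else if (src[p] != dst[p]) print "MISMATCH\t" p "\t" src[p] "\t" dst[p]
            }
        }' side=src "$1" side=dst "$2" | sort)
    if [ -n "$_diff" ]; then
        printf '%s\n' "$_diff"
        return 1
    fi
    return 0
}

# Constructed manifests: the first two contexts are the ones shown in the
# post; the file_t label and the fstab entry are made up for the demo.
demo() {
    tmp=$(mktemp -d)
    printf '%s\t%s\n' \
        system_u:object_r:net_conf_t:s0 resolv.conf \
        system_u:object_r:etc_t:s0      hosts \
        system_u:object_r:etc_t:s0      fstab > "$tmp/src"
    printf '%s\t%s\n' \
        system_u:object_r:net_conf_t:s0 resolv.conf \
        system_u:object_r:file_t:s0     hosts > "$tmp/dst"
    rc=0
    ctx_diff "$tmp/src" "$tmp/dst" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || true
```

On a real system, run ctx_manifest once on the source directory and once on
the backup directory, then pass the two saved manifests to ctx_diff.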