Trouble with dump / restore
Tony Nelson
tonynelson at georgeanelson.com
Mon Apr 24 02:18:32 UTC 2006
At 8:32 PM -0400 4/20/06, Tony Nelson wrote:
>This is probably only marginally related to SELinux. I'm trying to learn
>how to use dump and restore (via DVD+/-R), and I've gotten it working to
>the point where the files seem to be OK but the SELinux Extended Attributes
>are not. I used the commands (as root, with / being LogVol02):
>
> # mount -r /dev/VolGroup00/LogVol00 /mnt/lv00
> # dump -0 -L xxx -B 4590208 -f /tmp/dumpdvd /dev/VolGroup00/LogVol00
> [cdrecord used once per tape, from another terminal]
> # cdrecord -v -sao dev=dvd -data /tmp/dumpdvd
> # restore -C -f /dev/dvd
>
>OK, some of that is superstition, but it works except for about one of
>these messages for each file, and no other errors (according to grep -v):
>
> ./path/to/file: EA foo_x:object_r:bar_y value changed
>
>What am I doing wrong?
What I'm doing wrong is dumping (on FC5) a volume made with FC3 and then
running restore on FC5. FC5's SELinux activates the 4th component (MLS) of
the Security Context. Getxattr() is returning the 4th component (probably
inventing it), but dump didn't put one in the dump -- looking at the code,
I think that the 4th component must not be on the source disk.
I found this by groveling through the source for restore, looking at
misleading ls -lZ output, and then calling getxattr() and seeing what it
returned. This would have been easier if ls -lZ showed the same thing that
getxattr() returned, but ls -lZ left off the new MLS stuff.
Is there a way to set SELinux to allow restore -C to work?
What would need to be done to restore to get it to cope with this change,
for dumps that don't have MLS being restored on systems that do?
____________________________________________________________________
TonyN.:' <mailto:tonynelson at georgeanelson.com>
' <http://www.georgeanelson.com/>
More information about the fedora-selinux-list
mailing list