rsync as backup for laptop to desktop external HD
Forrest Taylor
ftaylor at redhat.com
Mon Oct 6 15:28:07 UTC 2008
On Fri, 2008-10-03 at 07:33 +0000, Mike wrote:
> I have for many years run backups from laptops on the local LAN to an external
> USB drive attached to the main desktop machine using rsync -aH.
> The main desktop is running F8 with SELinux disabled.
>
> In recent months I upgraded the laptop to F9 with SELinux enabled.
>
> I have just realised that the method I use gives files on the backup drive
> that have no selinux contexts... so in the event of having to rebuild a laptop
> and pulling files off the backup drive the selinux contexts would have to be
> recreated.
>
> I am fairly new to SELinux but I presume that merely adding -X to the rsync
> command would still not produce any contexts on the files that are generated
> on the backup drive since the machine that is processing the rsync at the
> receive end has SELinux disabled.
That is correct. The remote OS does not understand the SELinux
contexts, so you will get many errors when you try the -X option.
> At some point the desktop will be upgraded to F9 (and later F10) with SELinux
> enabled - and I am now not sure if attaching the original external USB drive
> unchanged would then still result in files without any security contexts on
> the external drive?
Be careful using two different operating systems with rsync--if the
local OS is trying to backup to the remote OS, and the remote OS doesn't
know about the contexts on the local OS, you will again have errors.
> If this is the case would I need to label the filesystem on the external drive?
> What is the best route to getting this backup system working to preserve
> security contexts for all files (including system areas such as /var /etc ?
Before it gets too complex, let me just say that you may be able to
simply use `restorecon -Rv /etc` to restore contexts to everything
in /etc/. This may be the simplest solution.
Baring that, the easiest way to get backups with good contexts is to use
getfattr to store the current contexts to a file. You will be able to
use the file to restore contexts.
If you wanted to backup the SELinux attributes for all files/dirs
in /etc/, for example, run:
getfattr -Rdh -m security.selinux /etc > /etc/SELinux-attrs
If you wanted to restore from backup, do the data restore, then run the
following:
cd /
setfattr -h --restore=/etc/SELinux-attrs
Run `ls -Z /etc/` to verify proper context.
--
Forrest Taylor
Global Learning Services Project Manager III
Cell: 303-913-5169
AIM: forresttaylorred
Red Hat IRC: forrest
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20081006/d5c50b9b/attachment.sig>
More information about the fedora-selinux-list
mailing list