Backing up and restoring SELinux file contexts

Daniel J Walsh dwalsh at redhat.com
Wed Sep 17 20:43:04 UTC 2008


Frank Sweetser wrote:
> I'm looking at helping to extend the Bacula backup system to handle SELinux
> file contexts, and I wanted to make sure I'm going down the right path.
> 
> Now as I understand it, the context associated with a file on disk can be
> retrieved via getfilecon, and set via setfilecon.
> 
> However, on disk, the context is stored as an extended attribute, which is
> handled via getxattr and setxattr.
> 
> So my question is, is it practical to just use the *xattr functions to back up
> and restore the file contexts, or do I need to perform an explicit check to
> see if I'm running on an SELinux system and, if so, use the *filecon functions
> instead?  I'd prefer to use the *xattr functions if at all possible, since
> that would simplify a lot of cases, such as restoring an SELinux system from a
> non-SELinux-aware rescue disk, but want to make sure there aren't any gotchas
> I'm missing.
> 
I would not make your tool know anything about SELinux.  It should just
back up and restore all extended attributes.  SELinux is not the only
user of xattrs and more tools in the future might use them.
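
An added illustration of the approach recommended in the reply above (not code from the post or from Bacula): every extended attribute is captured and restored as opaque bytes, with no SELinux-specific calls. The function names, the base64 record format and the sample values are assumptions made for this example; it relies on Python's Linux-only `os.listxattr`, `os.getxattr` and `os.setxattr`.

```python
import base64
import errno
import os


def capture_xattrs(path):
    """Return {name: raw bytes} for every xattr on path (symlinks not followed)."""
    try:
        names = os.listxattr(path, follow_symlinks=False)
    except OSError as exc:
        if exc.errno in (errno.ENOTSUP, errno.ENOSYS):
            return {}  # filesystem or kernel without xattr support
        raise
    return {n: os.getxattr(path, n, follow_symlinks=False) for n in names}


def encode_record(attrs):
    """Values are arbitrary bytes, so base64 them for a text archive record."""
    return {n: base64.b64encode(v).decode("ascii") for n, v in sorted(attrs.items())}


def decode_record(record):
    """Inverse of encode_record: recover the exact bytes of each value."""
    return {n: base64.b64decode(t) for n, t in record.items()}


def restore_xattrs(path, attrs):
    """Set each attribute; return {name: errno name} for those that failed.

    Failures are reported rather than raised so one refused attribute
    (for example a namespace the caller lacks privilege for) does not
    abort the rest of the restore.
    """
    failed = {}
    for name, value in attrs.items():
        try:
            os.setxattr(path, name, value, follow_symlinks=False)
        except OSError as exc:
            failed[name] = errno.errorcode.get(exc.errno, str(exc.errno))
    return failed


# Constructed sample record, not taken from a real system. The trailing NUL
# in the first value shows why values must be kept byte for byte.
SAMPLE = {
    "security.selinux": b"system_u:object_r:etc_t:s0\x00",
    "user.comment": b"constructed example value",
}
```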




More information about the fedora-selinux-list mailing list