rsync as backup from f11 to F10 - issues

Paul Howarth paul at city-fan.org
Thu Aug 13 10:38:49 UTC 2009


On 13/08/09 10:26, Mike Cloaked wrote:
>
>
> Mail Lists-3 wrote:
>>
>>     Can't speak for others but I do not back up selinux labels. I cannot
>> speak to other attributes or ACLs.
>>
>>    I think of selinux labels as belonging to the host server policy not
>> the backup machine - so the policy in my mind comes from the target
>> where the backups would be restored to.
>>
>>    So, if you backed up /home/cloaked/foo and restored it to
>> bing:/home/cloaked/foo then I would expect the labels to come from the
>> policy on bing - whether or not the backup was made from bing or
>> somewhere else.
>>
>>
>>
>>>> How would this differ if rdiff-backup was used instead?  Since
>>>> rdiff-backup is rsync based ....
>>    Dunno - I kind of thought rdiff-backup had better extended attribute
>> handling than rsync itself and it's my preferred tool anyway.
>>
>>   gene/
>>
>>
>
> Generally true - but one situation I found the backup done my way that I
> liked, to include labels, was when transitioning from F10 to F11 where I had
> specific labels on some files in /opt to avoid avc denials in F10.
>
> In order to move to F11 with ext4 what I did was to create a backup on the
> external drive and included the original labelling for F10, for the entire
> /opt structure.  Then when I installed F11, I allowed the installer to
> format both / and /opt with ext4.  Then once the install was completed I
> restored the /opt backup to the new /opt partition for F11 including the old
> F10 labels, and was able to progress using the files with their old contexts
> apart from an occasional need to change a context.
>
> Presumably had I restored using rsync -aH only then the file contexts would
> have been made according to the F11 current policy and not been a generic
> "file_t".  Some instances would certainly not have worked such as a mail
> spool area on /opt that would not have been given their correct mail related
> contexts after the restore - although I don't know if the mail spool area,
> once bind mounted onto the root directory mail spool, would then get their
> correct contexts if I used a restorecon command on the mail spool at that
> time?
>
> I don't know if the same also would then apply to user areas residing on the
> /opt/Local/home directory? Again initially the files would have incorrect
> contexts restoring using rsync -aH and again once bind mounted to /home
> would restorecon put the correct labels back?

You'll like this:
http://danwalsh.livejournal.com/27571.html

Paul.




