09-17-2008, 03:52 PM
Frank Sweetser

Backing up and restoring SELinux file contexts

I'm looking at helping to extend the Bacula backup system to handle SELinux
file contexts, and I wanted to make sure I'm going down the right path.

Now as I understand it, the context associated with a file on disk can be
retrieved via getfilecon, and set via setfilecon.

However, on disk, the context is stored as an extended attribute, which is
handled via getxattr and setxattr.

So my question is, is it practical to just use the *xattr functions to back up
and restore the file contexts, or do I need to perform an explicit check to
see if I'm running on an SELinux system and, if so, use the *filecon functions
instead? I'd prefer to use the *xattr functions if at all possible, since
that would simplify a lot of cases, such as restoring an SELinux system from a
non-SELinux-aware rescue disk, but want to make sure there aren't any gotchas
I'm missing.

--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Senior Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
09-17-2008, 08:43 PM
Daniel J Walsh

Backing up and restoring SELinux file contexts

Frank Sweetser wrote:
> I'm looking at helping to extend the Bacula backup system to handle SELinux
> file contexts, and I wanted to make sure I'm going down the right path.
>
> Now as I understand it, the context associated with a file on disk can be
> retrieved via getfilecon, and set via setfilecon.
>
> However, on disk, the context is stored as an extended attribute, which is
> handled via getxattr and setxattr.
>
> So my question is, is it practical to just use the *xattr functions to back up
> and restore the file contexts, or do I need to perform an explicit check to
> see if I'm running on an SELinux system and, if so, use the *filecon functions
> instead? I'd prefer to use the *xattr functions if at all possible, since
> that would simplify a lot of cases, such as restoring an SELinux system from a
> non-SELinux-aware rescue disk, but want to make sure there aren't any gotchas
> I'm missing.
>
I would not make your tool know anything about SELinux. It should just
back up and restore all extended attributes. SELinux is not the only
user of xattrs and more tools in the future might use it.
 
09-18-2008, 02:06 AM
Frank Sweetser

Backing up and restoring SELinux file contexts

Daniel J Walsh wrote:
> Frank Sweetser wrote:
>> I'm looking at helping to extend the Bacula backup system to handle SELinux
>> file contexts, and I wanted to make sure I'm going down the right path.
>
>> Now as I understand it, the context associated with a file on disk can be
>> retrieved via getfilecon, and set via setfilecon.
>
>> However, on disk, the context is stored as an extended attribute, which is
>> handled via getxattr and setxattr.
>
>> So my question is, is it practical to just use the *xattr functions to back up
>> and restore the file contexts, or do I need to perform an explicit check to
>> see if I'm running on an SELinux system and, if so, use the *filecon functions
>> instead? I'd prefer to use the *xattr functions if at all possible, since
>> that would simplify a lot of cases, such as restoring an SELinux system from a
>> non-SELinux-aware rescue disk, but want to make sure there aren't any gotchas
>> I'm missing.
>
> I would not make your tool know anything about SELinux. It should just
> back up and restore all extended attributes. SELinux is not the only
> user of xattrs and more tools in the future might use it.

Thanks - that's exactly the answer I was hoping for.

--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Senior Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
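
The approach recommended in this thread, as an added example that is not part of the original posts and is not Bacula's code: enumerate every extended attribute with the `*xattr` calls and copy each one without interpreting its name, so `security.selinux` is carried along with everything else. The function name `copy_all_xattrs` and the direct file-to-file copy are assumptions for illustration; a backup tool would write each name/value pair into its archive instead.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* Copy every extended attribute of src onto dst without interpreting names,
 * so security.selinux travels with user.* and any other namespace in use.
 * Returns the number copied; *failed counts attributes that could not be
 * read or set (e.g. security.* when the caller lacks privilege).
 * Returns -1 if the attribute list itself could not be read. */
int copy_all_xattrs(const char *src, const char *dst, int *failed)
{
    *failed = 0;
    /* The l* variants act on a symlink itself rather than on its target. */
    ssize_t len = llistxattr(src, NULL, 0);          /* probe list size */
    if (len < 0)
        return errno == ENOTSUP ? 0 : -1;            /* fs without xattrs */
    if (len == 0) return 0;
    char *names = malloc((size_t)len);
    if (!names) return -1;
    len = llistxattr(src, names, (size_t)len);
    if (len < 0) { free(names); return -1; }

    int copied = 0;
    /* Names arrive as consecutive NUL-terminated strings; values are binary. */
    for (char *n = names; n < names + len; n += strlen(n) + 1) {
        ssize_t vlen = lgetxattr(src, n, NULL, 0);   /* probe value size */
        char *val = vlen >= 0 ? malloc((size_t)vlen + 1) : NULL;
        if (val && (vlen = lgetxattr(src, n, val, (size_t)vlen)) >= 0 &&
            lsetxattr(dst, n, val, (size_t)vlen, 0) == 0)
            copied++;
        else
            (*failed)++;                             /* report, keep going */
        free(val);
    }
    free(names);
    return copied;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s SRC DST\n", argv[0]); return 2; }
    int failed, n = copy_all_xattrs(argv[1], argv[2], &failed);
    printf("copied %d, failed %d\n", n, failed);
    return (n < 0 || failed) ? 1 : 0;
}
```

Counting per-attribute failures instead of aborting lets a restore run as an unprivileged user still apply the attributes it is allowed to set and report the rest.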
