Best way to copy /usr to different partition?
I was getting dangerously close to running out of disk space
since /usr was filling up fast. I thought it was simple to tar-copy /usr to a different drive/partiton using tar copy such as: (cd /usr; tar cpf - .) | (cd /newpartition; tar xpf -) I tar copied the contents of /usr into my new drive/partition and I changed the partition label to /usr, updated my /etc/fstab file, renamed my /usr to /usr-b, created an empty directory /usr, chmod it to 775, mounted /usr - and it all looked fine. I then unmounted /usr, and then rebooted. The reboot reported that there was a problem with the two library files: somelibfile.so.1 and somelibfile.so.2 and then gnome came up with user/password screen. I logged in as a normal user, and after that point, I a black screen came up with the gnome-X-cursor and then stopped. Nothing worked at this point. I then rebooted using rescue CD, and examined the messages log file and it appears that selinux reported all sorts of AVC denied over /usr and other non-system mounted filesystems. Clearly, it seems that selinux is having problems. I suppose I can reboot setting the selinux = 0 and then begin the task of somehow repairing selinux tags in all of my files? Does this make any sense? Anyone have a better solution? I could reverse the /usr process and get rename /usr-b and comment out the /usr from my fstab, but I wanted some input from member in this forum before attempting to do that - I would end up back to my original disk-space problem. Any advice? No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.15/1173 - Release Date: 12/5/2007 9:29 PM -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Best way to copy /usr to different partition?
Daniel B. Thurman wrote:
> I was getting dangerously close to running out of disk space > since /usr was filling up fast. > > I thought it was simple to tar-copy /usr to a different drive/partiton > using tar copy such as: > > (cd /usr; tar cpf - .) | (cd /newpartition; tar xpf -) using tar doesn't copy the extended attributes used by SELinux. Have you relabeled the drive? ( touch /.relabel ; reboot ) > I tar copied the contents of /usr into my new drive/partition > and I changed the partition label to /usr, updated my > /etc/fstab file, renamed my /usr to /usr-b, created > an empty directory /usr, chmod it to 775, mounted > /usr - and it all looked fine. I then unmounted /usr, > and then rebooted. > > The reboot reported that there was a problem with > the two library files: somelibfile.so.1 and somelibfile.so.2 > and then gnome came up with user/password screen. > > I logged in as a normal user, and after that point, I a > black screen came up with the gnome-X-cursor and > then stopped. Nothing worked at this point. > > I then rebooted using rescue CD, and examined the > messages log file and it appears that selinux reported > all sorts of AVC denied over /usr and other non-system > mounted filesystems. > > Clearly, it seems that selinux is having problems. So relabel the drive. > I suppose I can reboot setting the selinux = 0 and then > begin the task of somehow repairing selinux tags in all > of my files? Does this make any sense? > > Anyone have a better solution? > > I could reverse the /usr process and get rename /usr-b > and comment out the /usr from my fstab, but I wanted > some input from member in this forum before attempting > to do that - I would end up back to my original disk-space > problem. > > Any advice? When I started looking into backups after SELinux, the recommendation was to use "star" instead of "tar" and to have it copy the extended attributes as well. >From by backup script: > # Use star instead of tar to capture the SELinux attributes > > TAR=star > > # Write archive to this file > # Use f=tarfile to write to tarfile > # Leave empty to write to sdtout > > TARFILE=root > STAR_COMPRESS_FLAG=-9 > > # -c create a star archive > # -bz compress with bzip2 > # -C / to backup files starting from / > # -H=exustar format is required to store SELinux attributes > # -M do not descend mount points > # ignore -multivol for now > # -P allow partial last record > # -vv increase verbosity and list files being archived > # -xattr to archive SELinux attributes > > OPTS="-c - -bz -C / -H=exustar -M -P -vv -xattr" > > $TAR $OPTS $FS | split -d -b $SPLITSIZE $TARFILE I'm compressing and writing to DVDs, so you night not need all of the options or the split pipe that I use. -- Kevin J. Cummings kjchome@rcn.com cummings@kjchome.homeip.net cummings@kjc386.framingham.ma.us Registered Linux User #1232 (http://counter.li.org) -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Best way to copy /usr to different partition?
On Thu, Dec 06, 2007 at 07:31:28PM -0800, Daniel B. Thurman wrote:
> > I was getting dangerously close to running out of disk space > since /usr was filling up fast. > > I thought it was simple to tar-copy /usr to a different drive/partiton > using tar copy such as: > > (cd /usr; tar cpf - .) | (cd /newpartition; tar xpf -) > > I tar copied the contents of /usr into my new drive/partition > and I changed the partition label to /usr, updated my > /etc/fstab file, renamed my /usr to /usr-b, created > an empty directory /usr, chmod it to 775, mounted > /usr - and it all looked fine. I then unmounted /usr, > and then rebooted. > > The reboot reported that there was a problem with > the two library files: somelibfile.so.1 and somelibfile.so.2 > and then gnome came up with user/password screen. > > I logged in as a normal user, and after that point, I a > black screen came up with the gnome-X-cursor and > then stopped. Nothing worked at this point. > > I then rebooted using rescue CD, and examined the > messages log file and it appears that selinux reported > all sorts of AVC denied over /usr and other non-system > mounted filesystems. > > Clearly, it seems that selinux is having problems. > > I suppose I can reboot setting the selinux = 0 and then > begin the task of somehow repairing selinux tags in all > of my files? Does this make any sense? > > Anyone have a better solution? > Personally I'd try 'cp -R', that's supposed to handle most things OK. -- Chris Green -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Best way to copy /usr to different partition?
Around 12:09pm on Friday, December 07, 2007 (UK time), Chris G scrawled:
> On Thu, Dec 06, 2007 at 07:31:28PM -0800, Daniel B. Thurman wrote: > > <snip> > > Anyone have a better solution? > > > Personally I'd try 'cp -R', that's supposed to handle most > things OK. cp -pR would be better as that will preserve mode, ownership and timestamps. However consider how you want to handle symbolic links. Steve -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting a bad thing? 12:12:15 up 68 days, 23:08, 1 user, load average: 0.03, 0.03, 0.01 -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Best way to copy /usr to different partition?
At 10:43 PM -0500 12/6/07, Kevin J. Cummings wrote:
>Daniel B. Thurman wrote: >> I was getting dangerously close to running out of disk space >> since /usr was filling up fast. >> >> I thought it was simple to tar-copy /usr to a different drive/partiton >> using tar copy such as: >> >> (cd /usr; tar cpf - .) | (cd /newpartition; tar xpf -) > >using tar doesn't copy the extended attributes used by SELinux. ... ... `man tar` shows the --xattrs and --no-xattrs options (though `man tar` and `info tar` don't say what the default is), so tar should work for EAs if used with --xattrs. -- __________________________________________________ __________________ TonyN.:' <mailto:tonynelson@georgeanelson.com> ' <http://www.georgeanelson.com/> -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Best way to copy /usr to different partition?
On Fri, 2007-12-07 at 11:12 -0800, Daniel B. Thurman wrote:
> Daniel B. Thurman wrote: > > >Sent: Thursday, December 06, 2007 7:31 PM > >To: Fedora-List (E-mail) > >Subject: Best way to copy /usr to different partition? > > > >I was getting dangerously close to running out of disk space > >since /usr was filling up fast. > > > >I thought it was simple to tar-copy /usr to a different drive/partiton > >using tar copy such as: > > > >(cd /usr; tar cpf - .) | (cd /newpartition; tar xpf -) > > > >I tar copied the contents of /usr into my new drive/partition > >and I changed the partition label to /usr, updated my > >/etc/fstab file, renamed my /usr to /usr-b, created > >an empty directory /usr, chmod it to 775, mounted > >/usr - and it all looked fine. I then unmounted /usr, > >and then rebooted. > > > >The reboot reported that there was a problem with > >the two library files: somelibfile.so.1 and somelibfile.so.2 > >and then gnome came up with user/password screen. > > > >I logged in as a normal user, and after that point, I a > >black screen came up with the gnome-X-cursor and > >then stopped. Nothing worked at this point. > > > >I then rebooted using rescue CD, and examined the > >messages log file and it appears that selinux reported > >all sorts of AVC denied over /usr and other non-system > >mounted filesystems. > > > >Clearly, it seems that selinux is having problems. > > > >I suppose I can reboot setting the selinux = 0 and then > >begin the task of somehow repairing selinux tags in all > >of my files? Does this make any sense? > > > >Anyone have a better solution? > > > >I could reverse the /usr process and get rename /usr-b > >and comment out the /usr from my fstab, but I wanted > >some input from member in this forum before attempting > >to do that - I would end up back to my original disk-space > >problem. > > > >Any advice? > > > > Ok, I have booted into rescue CD, and performed these steps: > > 1) (cd /usr-b; tar -cp --xattrs -f - .) | (cd /usr; tar -xp -xattrs -f -) > 2) touch /.relabel > 3) reboot > > And I was able to get back into GDM and to log in as a normal > user using the login screen, however the boot processes did > report errors and the messages log as well: > > 1) restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) > 2) SELINUX: avc denied {search } comm="ifconfig" name="lib" (7 times) > 3) SELINUX: avc denied {read} comm="mount" name="locale-archive" > 4) SELINUX: avc denied {read} comm="mount" name="locale-alias" > 5) SELINUX: avc denied {search} comm="dmesg" name="lib" (7 times) > 6) SELINUX: avc denied {search} comm="dmesg" name="share" > 7) SELINUX: avc denied {search} comm="kudzu" name="lib" (7 times) > 8) SELINUX: avc denied {search} comm="kudzu" name="share" (5 times) > 9) SELINUX: avc denied {search} comm="arping" name="lib" (16 times) > 10) SELINUX: avc denied {getattr} comm="arping" name="/usr/lib" > 11) arping: libsysfs.so.1 and libsysfs.so.2 > > Note: most of these files have default_t assigned to these files... and > it says that for "arping", it needs to have netutils_t assigned. > > It seems to me, that the only files I need to worry about are the above > libsysfs.so.1/2 needs to be relabeled and I am not sure what to do about > the /etc/resolv.conf file. The hard links to /etc/resolv.conf are typically somewhere in /etc/sysconfig/networking/profiles You can "ls -i /etc/resolv.conf" to get the inode of resolv.conf. Then "find /etc/sysconfig/networking -inum inode" to find the other hard links. Example on my laptop: [root@golem3 ~]# ls -l /etc/resolv.conf -rw-r--r-- 2 root root 75 2007-11-26 08:57 /etc/resolv.conf [root@golem3 ~]# ls -i /etc/resolv.conf 8389128 /etc/resolv.conf [root@golem3 ~]# find /etc/sysconfig/networking/profiles -inum 8389128 /etc/sysconfig/networking/profiles/Office/resolv.conf You can delete the entry in the networking tree (in this case, /etc/sysconfig/networking/profiles/Office/resolv.conf), restorecon /etc/resolv.conf, then recreate the hard link. ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens@internap.com - - CDN Systems, Internap, Inc. http://www.internap.com - - - - IGNORE that man behind the keyboard! - - - The Wizard of OS - ---------------------------------------------------------------------- -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Best way to copy /usr to different partition?
Tony Nelson wrote:
>Sent: Friday, December 07, 2007 8:43 AM >To: fedora-list@redhat.com >Subject: Re: Best way to copy /usr to different partition? > > >At 10:43 PM -0500 12/6/07, Kevin J. Cummings wrote: >>Daniel B. Thurman wrote: >>> I was getting dangerously close to running out of disk space >>> since /usr was filling up fast. >>> >>> I thought it was simple to tar-copy /usr to a different >drive/partiton >>> using tar copy such as: >>> >>> (cd /usr; tar cpf - .) | (cd /newpartition; tar xpf -) >> >>using tar doesn't copy the extended attributes used by SELinux. ... > ... > >`man tar` shows the --xattrs and --no-xattrs options (though >`man tar` and >`info tar` don't say what the default is), so tar should work >for EAs if >used with --xattrs. >-- >_________________________________________________ ___________________ >TonyN.:' <mailto:tonynelson@georgeanelson.com> > ' <http://www.georgeanelson.com/> > >-- I have discovered that using: (cd /usr-b; tar -cp -xattrs -f - .) | (cd /usr; tar -xp --xattrs -f -) OR (cd /usr; cp -pR /usr-b/. .) did not preserve the selinux attributes. I have checked the attributes in /usr-b/lib/libsysfs* and it has lib_t assigned to these files against the copied files /usr/lib/libsysfs* and it shows default_t instead of lib_t. This may mean that my entire /usr filesystem has improper selinux attributes. Can someone tell me how to copy the files from my original /usr-b filesystem to /usr filesystem with the selinux attributes intact? No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.17/1176 - Release Date: 12/6/2007 11:15 PM -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Best way to copy /usr to different partition?
On Fri, 2007-12-07 at 11:12 -0800, Daniel B. Thurman wrote:
> Daniel B. Thurman wrote: > > >Sent: Thursday, December 06, 2007 7:31 PM > >To: Fedora-List (E-mail) > >Subject: Best way to copy /usr to different partition? > > > >I was getting dangerously close to running out of disk space > >since /usr was filling up fast. > > > >I thought it was simple to tar-copy /usr to a different drive/partiton > >using tar copy such as: > > > >(cd /usr; tar cpf - .) | (cd /newpartition; tar xpf -) > > > >I tar copied the contents of /usr into my new drive/partition > >and I changed the partition label to /usr, updated my > >/etc/fstab file, renamed my /usr to /usr-b, created > >an empty directory /usr, chmod it to 775, mounted > >/usr - and it all looked fine. I then unmounted /usr, > >and then rebooted. > > > >The reboot reported that there was a problem with > >the two library files: somelibfile.so.1 and somelibfile.so.2 > >and then gnome came up with user/password screen. > > > >I logged in as a normal user, and after that point, I a > >black screen came up with the gnome-X-cursor and > >then stopped. Nothing worked at this point. > > > >I then rebooted using rescue CD, and examined the > >messages log file and it appears that selinux reported > >all sorts of AVC denied over /usr and other non-system > >mounted filesystems. > > > >Clearly, it seems that selinux is having problems. > > > >I suppose I can reboot setting the selinux = 0 and then > >begin the task of somehow repairing selinux tags in all > >of my files? Does this make any sense? > > > >Anyone have a better solution? > > > >I could reverse the /usr process and get rename /usr-b > >and comment out the /usr from my fstab, but I wanted > >some input from member in this forum before attempting > >to do that - I would end up back to my original disk-space > >problem. > > > >Any advice? > > > > Ok, I have booted into rescue CD, and performed these steps: > > 1) (cd /usr-b; tar -cp --xattrs -f - .) | (cd /usr; tar -xp -xattrs -f -) > 2) touch /.relabel That should be 'touch /.autorelabel'. Or pass 'autorelabel' as an argument on the kernel command line at boot. > 3) reboot > > And I was able to get back into GDM and to log in as a normal > user using the login screen, however the boot processes did > report errors and the messages log as well: > > 1) restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) > 2) SELINUX: avc denied {search } comm="ifconfig" name="lib" (7 times) > 3) SELINUX: avc denied {read} comm="mount" name="locale-archive" > 4) SELINUX: avc denied {read} comm="mount" name="locale-alias" > 5) SELINUX: avc denied {search} comm="dmesg" name="lib" (7 times) > 6) SELINUX: avc denied {search} comm="dmesg" name="share" > 7) SELINUX: avc denied {search} comm="kudzu" name="lib" (7 times) > 8) SELINUX: avc denied {search} comm="kudzu" name="share" (5 times) > 9) SELINUX: avc denied {search} comm="arping" name="lib" (16 times) > 10) SELINUX: avc denied {getattr} comm="arping" name="/usr/lib" > 11) arping: libsysfs.so.1 and libsysfs.so.2 > > Note: most of these files have default_t assigned to these files... and > it says that for "arping", it needs to have netutils_t assigned. > > It seems to me, that the only files I need to worry about are the above > libsysfs.so.1/2 needs to be relabeled and I am not sure what to do about > the /etc/resolv.conf file. > > Can anyone advise what I can do at this point? > > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.5.503 / Virus Database: 269.16.17/1176 - Release Date: 12/6/2007 11:15 PM > > -- Stephen Smalley National Security Agency -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Best way to copy /usr to different partition?
On Fri, 2007-12-07 at 12:35 -0800, Daniel B. Thurman wrote:
> Tony Nelson wrote: > >Sent: Friday, December 07, 2007 8:43 AM > >To: fedora-list@redhat.com > >Subject: Re: Best way to copy /usr to different partition? > > > > > >At 10:43 PM -0500 12/6/07, Kevin J. Cummings wrote: > >>Daniel B. Thurman wrote: > >>> I was getting dangerously close to running out of disk space > >>> since /usr was filling up fast. > >>> > >>> I thought it was simple to tar-copy /usr to a different > >drive/partiton > >>> using tar copy such as: > >>> > >>> (cd /usr; tar cpf - .) | (cd /newpartition; tar xpf -) > >> > >>using tar doesn't copy the extended attributes used by SELinux. ... > > ... > > > >`man tar` shows the --xattrs and --no-xattrs options (though > >`man tar` and > >`info tar` don't say what the default is), so tar should work > >for EAs if > >used with --xattrs. > >-- > >_________________________________________________ ___________________ > >TonyN.:' <mailto:tonynelson@georgeanelson.com> > > ' <http://www.georgeanelson.com/> > > > >-- > > I have discovered that using: > > (cd /usr-b; tar -cp -xattrs -f - .) | (cd /usr; tar -xp --xattrs -f -) That's a bug - bugzilla it. Should work with --xattrs or --selinux. > OR > (cd /usr; cp -pR /usr-b/. .) Use cp -a; cp -p only deals with DAC perms. > did not preserve the selinux attributes. > > I have checked the attributes in /usr-b/lib/libsysfs* and > it has lib_t assigned to these files against the copied files > /usr/lib/libsysfs* and it shows default_t instead of lib_t. > > This may mean that my entire /usr filesystem has improper > selinux attributes. > > Can someone tell me how to copy the files from my original > /usr-b filesystem to /usr filesystem with the selinux attributes > intact? star is supposed to know how to handle xattrs. tar was patched in F8 but something seems amiss there. cp has support. Or you can just copy however you please and then perform a relabel, either by running fixfiles relabel manually or by touch /.autorelabel and reboot. -- Stephen Smalley National Security Agency -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Best way to copy /usr to different partition?
Stephen Smalley wrote:
>Sent: Friday, December 07, 2007 1:17 PM >To: For users of Fedora >Subject: RE: Best way to copy /usr to different partition? > > >On Fri, 2007-12-07 at 12:35 -0800, Daniel B. Thurman wrote: >> Tony Nelson wrote: >> >Sent: Friday, December 07, 2007 8:43 AM >> >To: fedora-list@redhat.com >> >Subject: Re: Best way to copy /usr to different partition? >> > >> > >> >At 10:43 PM -0500 12/6/07, Kevin J. Cummings wrote: >> >>Daniel B. Thurman wrote: >> >>> I was getting dangerously close to running out of disk space >> >>> since /usr was filling up fast. >> >>> >> >>> I thought it was simple to tar-copy /usr to a different >> >drive/partiton >> >>> using tar copy such as: >> >>> >> >>> (cd /usr; tar cpf - .) | (cd /newpartition; tar xpf -) >> >> >> >>using tar doesn't copy the extended attributes used by SELinux. ... >> > ... >> > >> >`man tar` shows the --xattrs and --no-xattrs options (though >> >`man tar` and >> >`info tar` don't say what the default is), so tar should work >> >for EAs if >> >used with --xattrs. >> >-- >> >_________________________________________________ ___________________ >> >TonyN.:' <mailto:tonynelson@georgeanelson.com> >> > ' <http://www.georgeanelson.com/> >> > >> >-- >> >> I have discovered that using: >> >> (cd /usr-b; tar -cp -xattrs -f - .) | (cd /usr; tar -xp >--xattrs -f -) > >That's a bug - bugzilla it. Should work with --xattrs or --selinux. > >> OR >> (cd /usr; cp -pR /usr-b/. .) > >Use cp -a; cp -p only deals with DAC perms. > >> did not preserve the selinux attributes. >> >> I have checked the attributes in /usr-b/lib/libsysfs* and >> it has lib_t assigned to these files against the copied files >> /usr/lib/libsysfs* and it shows default_t instead of lib_t. >> >> This may mean that my entire /usr filesystem has improper >> selinux attributes. >> >> Can someone tell me how to copy the files from my original >> /usr-b filesystem to /usr filesystem with the selinux attributes >> intact? > >star is supposed to know how to handle xattrs. >tar was patched in F8 but something seems amiss there. >cp has support. >Or you can just copy however you please and then perform a relabel, >either by running fixfiles relabel manually or by touch /.autorelabel >and reboot. > >-- >Stephen Smalley >National Security Agency > >-- THANKS STEPHEN! I 'touch /.autorelabel', rebooted, and everything was returned to correct labels in my new /usr partition! Seems everything now works and is restored!! Now of course, the hard part is finding the broken(?) symlinks... No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.17/1176 - Release Date: 12/6/2007 11:15 PM -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
| All times are GMT. The time now is 03:16 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.