FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 10-01-2012, 11:10 AM
John Austin
 
Default dump/restore selinux query

Hi

I have recently used a bootable F17 memory stick (fully updated) to
dump/restore an un-mounted Centos 6.3 system root (/) partition
to a "clone" backup partition on a separate disk.

I obtain SELinux error messages during the restore phase

Does anyone (Daniel?) know:

Will this be a problem if/when I need to use the backup?

Regards

John



-------------------------------------------
[root@blue ~]# mount -o noatime /dev/sdd4 /mnt/zip
[root@blue ~]# cd /mnt/zip
[root@blue zip]# dump 0f - /dev/sda4 | restore rf -
DUMP: Date of this level 0 dump: Fri Sep 28 18:16:10 2012
DUMP: Dumping /dev/sda4 (an unlisted file system) to standard output
DUMP: Label: ocz240_root1
DUMP: Writing 10 Kilobyte records
DUMP: mapping (Pass I) [regular files]
DUMP: mapping (Pass II) [directories]
DUMP: estimated 8560325 blocks.
DUMP: Volume 1 started with block 1 at: Fri Sep 28 18:16:11 2012
DUMP: dumping (Pass III) [directories]
DUMP: dumping (Pass IV) [regular files]
restore: ./lost+found: File exists
restore: ./var/cache/hald/fdi-cache: EA set security.selinux:system_ubject_r:hald_cache_t:s0 failed: Invalid argument
restore: ./var/log/pm-powersave.log: EA set security.selinux:system_ubject_r:hald_log_t:s0 failed: Invalid argument
restore: ./usr/libexec/hald-addon-macbookpro-backlight: EA set security.selinux:system_ubject_r:hald_mac_exec_t :s0 failed: Invalid argument
restore: ./usr/sbin/tzdata-update: EA set security.selinux:system_ubject_r:tzdata_exec_t:s 0 failed: Invalid argument
restore: ./usr/sbin/hald: EA set security.selinux:system_ubject_r:hald_exec_t:s0 failed: Invalid argument
restore: ./usr/libexec/hal-system-sonypic: EA set security.selinux:system_ubject_r:hald_sonypic_ex ec_t:s0 failed: Invalid argument
restore: ./usr/bin/hal-setup-keymap: EA set security.selinux:system_ubject_r:hald_keymap_exe c_t:s0 failed: Invalid argument
restore: ./usr/libexec/hald-addon-macbook-backlight: EA set security.selinux:system_ubject_r:hald_mac_exec_t :s0 failed: Invalid argument
DUMP: 66.01% done at 18834 kB/s, finished in 0:02
DUMP: Volume 1 completed at: Fri Sep 28 18:24:26 2012
DUMP: Volume 1 9116920 blocks (8903.24MB)
DUMP: Volume 1 took 0:08:15
DUMP: Volume 1 transfer rate: 18418 kB/s
DUMP: 9116920 blocks (8903.24MB)
DUMP: finished in 495 seconds, throughput 18418 kBytes/sec
DUMP: Date of this level 0 dump: Fri Sep 28 18:16:10 2012
DUMP: Date this dump completed: Fri Sep 28 18:24:26 2012
DUMP: Average transfer rate: 18418 kB/s
DUMP: DUMP IS DONE
restore: ./var/run/pm-utils: EA set security.selinux:system_ubject_r:hald_var_run_t: s0 failed: Invalid argument
restore: ./var/run/pm-utils/locks: EA set security.selinux:system_ubject_r:hald_var_run_t: s0 failed: Invalid argument
restore: ./var/run/pm-utils/storage: EA set security.selinux:system_ubject_r:hald_var_run_t: s0 failed: Invalid argument
restore: ./var/cache/hald: EA set security.selinux:system_ubject_r:hald_cache_t:s0 failed: Invalid argument
restore: ./var/run/hald: EA set security.selinux:system_ubject_r:hald_var_run_t: s0 failed: Invalid argument
restore: ./var/run/pm-utils/pm-powersave: EA set security.selinux:system_ubject_r:hald_var_run_t: s0 failed: Invalid argument
restore: ./var/run/pm-utils/pm-powersave/storage: EA set security.selinux:system_ubject_r:hald_var_run_t: s0 failed: Invalid argument
[root@blue zip]# sync
[root@blue zip]# cd
[root@blue ~]# umount /mnt/zip


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-01-2012, 01:14 PM
Daniel J Walsh
 
Default dump/restore selinux query

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/01/2012 07:10 AM, John Austin wrote:
> Hi
>
> I have recently used a bootable F17 memory stick (fully updated) to
> dump/restore an un-mounted Centos 6.3 system root (/) partition to a
> "clone" backup partition on a separate disk.
>
> I obtain SELinux error messages during the restore phase
>
> Does anyone (Daniel?) know:
>
> Will this be a problem if/when I need to use the backup?
>
> Regards
>
> John
>
Most likely the target OS did not understand the labels that you are trying to
install. So if you took labels off a F17 machine and tried to put them on a
RHEL6 box, the labels might not be defined.
>
>
> ------------------------------------------- [root@blue ~]# mount -o noatime
> /dev/sdd4 /mnt/zip [root@blue ~]# cd /mnt/zip [root@blue zip]# dump 0f -
> /dev/sda4 | restore rf - DUMP: Date of this level 0 dump: Fri Sep 28
> 18:16:10 2012 DUMP: Dumping /dev/sda4 (an unlisted file system) to standard
> output DUMP: Label: ocz240_root1 DUMP: Writing 10 Kilobyte records DUMP:
> mapping (Pass I) [regular files] DUMP: mapping (Pass II) [directories]
> DUMP: estimated 8560325 blocks. DUMP: Volume 1 started with block 1 at: Fri
> Sep 28 18:16:11 2012 DUMP: dumping (Pass III) [directories] DUMP: dumping
> (Pass IV) [regular files] restore: ./lost+found: File exists restore:
> ./var/cache/hald/fdi-cache: EA set
> security.selinux:system_ubject_r:hald_cache_t:s0 failed: Invalid
> argument restore: ./var/log/pm-powersave.log: EA set
> security.selinux:system_ubject_r:hald_log_t:s0 failed: Invalid argument
> restore: ./usr/libexec/hald-addon-macbookpro-backlight: EA set
> security.selinux:system_ubject_r:hald_mac_exec_t :s0 failed: Invalid
> argument restore: ./usr/sbin/tzdata-update: EA set
> security.selinux:system_ubject_r:tzdata_exec_t:s 0 failed: Invalid
> argument restore: ./usr/sbin/hald: EA set
> security.selinux:system_ubject_r:hald_exec_t:s0 failed: Invalid argument
> restore: ./usr/libexec/hal-system-sonypic: EA set
> security.selinux:system_ubject_r:hald_sonypic_ex ec_t:s0 failed: Invalid
> argument restore: ./usr/bin/hal-setup-keymap: EA set
> security.selinux:system_ubject_r:hald_keymap_exe c_t:s0 failed: Invalid
> argument restore: ./usr/libexec/hald-addon-macbook-backlight: EA set
> security.selinux:system_ubject_r:hald_mac_exec_t :s0 failed: Invalid
> argument DUMP: 66.01% done at 18834 kB/s, finished in 0:02 DUMP: Volume 1
> completed at: Fri Sep 28 18:24:26 2012 DUMP: Volume 1 9116920 blocks
> (8903.24MB) DUMP: Volume 1 took 0:08:15 DUMP: Volume 1 transfer rate: 18418
> kB/s DUMP: 9116920 blocks (8903.24MB) DUMP: finished in 495 seconds,
> throughput 18418 kBytes/sec DUMP: Date of this level 0 dump: Fri Sep 28
> 18:16:10 2012 DUMP: Date this dump completed: Fri Sep 28 18:24:26 2012
> DUMP: Average transfer rate: 18418 kB/s DUMP: DUMP IS DONE restore:
> ./var/run/pm-utils: EA set
> security.selinux:system_ubject_r:hald_var_run_t: s0 failed: Invalid
> argument restore: ./var/run/pm-utils/locks: EA set
> security.selinux:system_ubject_r:hald_var_run_t: s0 failed: Invalid
> argument restore: ./var/run/pm-utils/storage: EA set
> security.selinux:system_ubject_r:hald_var_run_t: s0 failed: Invalid
> argument restore: ./var/cache/hald: EA set
> security.selinux:system_ubject_r:hald_cache_t:s0 failed: Invalid
> argument restore: ./var/run/hald: EA set
> security.selinux:system_ubject_r:hald_var_run_t: s0 failed: Invalid
> argument restore: ./var/run/pm-utils/pm-powersave: EA set
> security.selinux:system_ubject_r:hald_var_run_t: s0 failed: Invalid
> argument restore: ./var/run/pm-utils/pm-powersave/storage: EA set
> security.selinux:system_ubject_r:hald_var_run_t: s0 failed: Invalid
> argument [root@blue zip]# sync [root@blue zip]# cd [root@blue ~]# umount
> /mnt/zip
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBplz0ACgkQrlYvE4MpobM29QCgwMJ9Jht4OX Q66j+kiuIB7/VM
bXUAoKGIjBNU2XRH3tuscJqU1npvqxrL
=A5KW
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-03-2012, 09:19 AM
John Austin
 
Default dump/restore selinux query

On Mon, 2012-10-01 at 09:14 -0400, Daniel J Walsh wrote:
> On 10/01/2012 07:10 AM, John Austin wrote:
> > Hi
> >
> > I have recently used a bootable F17 memory stick (fully updated) to
> > dump/restore an un-mounted Centos 6.3 system root (/) partition to a
> > "clone" backup partition on a separate disk.
> >
> > I obtain SELinux error messages during the restore phase
> >
> > Does anyone (Daniel?) know:
> >
> > Will this be a problem if/when I need to use the backup?
> >
> > Regards
> >
> > John
> >
> Most likely the target OS did not understand the labels that you are trying to
> install. So if you took labels off a F17 machine and tried to put them on a
> RHEL6 box, the labels might not be defined.


Hmmm - repeated the exercise booted from a fully updated C6.3
memory stick and the errors are not present during restore.
(ie dumped/restored system and booted OS are both C6.3 with the
same update level)

This implies that you must use a contemporaneous version of the
operating system (including dump/restore) to that of the actual backed
up root partition.

Obviously I do not fully understand/accept what is happening here!
So a couple more basic questions

Does this mean I have to put aside the memory stick in its
current state (no upgrade to C6.4 say) so that I can use it as the boot
device during any subsequent restore of the backed up partitions?

OR

Will the relabelling of a restored root partition (that has
selinux errors during the restore) (when booted from that restored
partition) provide a "perfect" working system?

Thanks again

John

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-03-2012, 11:40 AM
Daniel J Walsh
 
Default dump/restore selinux query

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/03/2012 05:19 AM, John Austin wrote:
> On Mon, 2012-10-01 at 09:14 -0400, Daniel J Walsh wrote:
>> On 10/01/2012 07:10 AM, John Austin wrote:
>>> Hi
>>>
>>> I have recently used a bootable F17 memory stick (fully updated) to
>>> dump/restore an un-mounted Centos 6.3 system root (/) partition to a
>>> "clone" backup partition on a separate disk.
>>>
>>> I obtain SELinux error messages during the restore phase
>>>
>>> Does anyone (Daniel?) know:
>>>
>>> Will this be a problem if/when I need to use the backup?
>>>
>>> Regards
>>>
>>> John
>>>
>> Most likely the target OS did not understand the labels that you are
>> trying to install. So if you took labels off a F17 machine and tried to
>> put them on a RHEL6 box, the labels might not be defined.
>
>
> Hmmm - repeated the exercise booted from a fully updated C6.3 memory stick
> and the errors are not present during restore. (ie dumped/restored system
> and booted OS are both C6.3 with the same update level)
>
> This implies that you must use a contemporaneous version of the operating
> system (including dump/restore) to that of the actual backed up root
> partition.
>
> Obviously I do not fully understand/accept what is happening here! So a
> couple more basic questions
>
> Does this mean I have to put aside the memory stick in its current state
> (no upgrade to C6.4 say) so that I can use it as the boot device during any
> subsequent restore of the backed up partitions?
>
> OR
>
> Will the relabelling of a restored root partition (that has selinux errors
> during the restore) (when booted from that restored partition) provide a
> "perfect" working system?
>
> Thanks again
>
> John
>
I would always suggest relabeling after you restore a system. Restore sets
everything back to the default layout as currently defined in policy. While I
understand the goal of restoring the labels from a backed up partition, it is
not always the correct thing to do. Since the policy on the system might have
changed since the backup.

For example say you backed up your homedir and saved the labels. A
selinux-policy update happens or an admin changes the labels of a particular
directory in the homedir. Now you later restore the backup over the homedir.
Now the labels of the homedir do not match the system defaults.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBsJEYACgkQrlYvE4MpobPoegCguV8GglSWik Vd5gXkg24U0i2T
JzMAoMl2ygYCYe6/xRQiAVcnyCEqQ2Oj
=AsOD
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 10-03-2012, 01:15 PM
John Austin
 
Default dump/restore selinux query

On Wed, 2012-10-03 at 07:40 -0400, Daniel J Walsh wrote:
> On 10/03/2012 05:19 AM, John Austin wrote:
> > On Mon, 2012-10-01 at 09:14 -0400, Daniel J Walsh wrote:
> >> On 10/01/2012 07:10 AM, John Austin wrote:
> >>> Hi
> >>>
> >>> I have recently used a bootable F17 memory stick (fully updated) to
> >>> dump/restore an un-mounted Centos 6.3 system root (/) partition to a
> >>> "clone" backup partition on a separate disk.
> >>>
> >>> I obtain SELinux error messages during the restore phase
> >>>
> >>> Does anyone (Daniel?) know:
> >>>
> >>> Will this be a problem if/when I need to use the backup?
> >>>
> >>> Regards
> >>>
> >>> John
> >>>
> >> Most likely the target OS did not understand the labels that you are
> >> trying to install. So if you took labels off a F17 machine and tried to
> >> put them on a RHEL6 box, the labels might not be defined.
> >
> >
> > Hmmm - repeated the exercise booted from a fully updated C6.3 memory stick
> > and the errors are not present during restore. (ie dumped/restored system
> > and booted OS are both C6.3 with the same update level)
> >
> > This implies that you must use a contemporaneous version of the operating
> > system (including dump/restore) to that of the actual backed up root
> > partition.
> >
> > Obviously I do not fully understand/accept what is happening here! So a
> > couple more basic questions
> >
> > Does this mean I have to put aside the memory stick in its current state
> > (no upgrade to C6.4 say) so that I can use it as the boot device during any
> > subsequent restore of the backed up partitions?
> >
> > OR
> >
> > Will the relabelling of a restored root partition (that has selinux errors
> > during the restore) (when booted from that restored partition) provide a
> > "perfect" working system?
> >
> > Thanks again
> >
> > John
> >
> I would always suggest relabeling after you restore a system. Restore sets
> everything back to the default layout as currently defined in policy. While I
> understand the goal of restoring the labels from a backed up partition, it is
> not always the correct thing to do. Since the policy on the system might have
> changed since the backup.
>
> For example say you backed up your homedir and saved the labels. A
> selinux-policy update happens or an admin changes the labels of a particular
> directory in the homedir. Now you later restore the backup over the homedir.
> Now the labels of the homedir do not match the system defaults.


Many thanks for the clarification and advice

John


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 

Thread Tools




All times are GMT. The time now is 10:19 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org