Dump errors with selinux

Stephen Smalley sds at epoch.ncsc.mil
Thu Dec 9 13:40:22 UTC 2004 

On Thu, 2004-12-09 at 05:18, Simon Andrews wrote:
> We've used dump/restore for our backups since way back in RH7.x. 
> Unfortunately after our recent upgrade to FC3 I'm getting a ton of 
> errors from it due to the extra ACLs required for selinux.
> 
> $ more dump.09-12-04.log
>    DUMP: Date of this level 0 dump: Thu Dec  9 08:46:18 2004
>    DUMP: Dumping /dev/sda6 (/) to /dev/nst0
>    DUMP: Label: /
>    DUMP: Writing 10 Kilobyte records
>    DUMP: mapping (Pass I) [regular files]
>    DUMP: mapping (Pass II) [directories]
>    DUMP: estimated 401819 blocks.
>    DUMP: Volume 1 started with block 1 at: Thu Dec  9 08:46:19 2004
>    DUMP: dumping (Pass III) [directories]
>    DUMP: ACLs in inode #12 won't be dumped
>    DUMP: ACLs in inode #102 won't be dumped
>    DUMP: ACLs in inode #142 won't be dumped
>    DUMP: ACLs in inode #143 won't be dumped
>    DUMP: ACLs in inode #144 won't be dumped
>    DUMP: ACLs in inode #146 won't be dumped
>    DUMP: ACLs in inode #148 won't be dumped
>    DUMP: ACLs in inode #191 won't be dumped
>    DUMP: ACLs in inode #200 won't be dumped
>    DUMP: ACLs in inode #207 won't be dumped
>    DUMP: ACLs in inode #208 won't be dumped
>    DUMP: ACLs in inode #212 won't be dumped
> 
> [and a LOAD more of these]
> 
> So a few questions:
> 
> Is there an option for dump which will fix this (I couldn't find 
> anything which looked useful in the man page)?
> 
> Is this a bug?
> 
> Am I going to have to look for another backup solution?  If so what 
> other programs do correctly handle ACLs? Tar? Cpio?

I don't know if there is a patch for dump/restore to deal with extended
attributes, but star handles them.  star can preserve extended
attributes, including SELinux file contexts.  IIRC, the usage is
something like the following:

Creating an archive with attributes included:
	star -Hxustar -xattr -c -f foo.tar /path/to/dir

Expanding an archive and preserving attributes from it:
	star -xattr -x -f foo.tar

However, if you don't expect to customize your file contexts, you may
choose to not back them up at all, and just run restorecon on files when
you restore them to reset their contexts based on the file_contexts
configuration.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency

More information about the fedora-list mailing list