Backing up and restoring SELinux file contexts

Frank Sweetser fs at WPI.EDU
Thu Sep 18 02:06:34 UTC 2008


Daniel J Walsh wrote:
> Frank Sweetser wrote:
>> I'm looking at helping to extend the Bacula backup system to handle SELinux
>> file contexts, and I wanted to make sure I'm going down the right path.
> 
>> Now as I understand it, the context associated with a file on disk can be
>> retrieved via getfilecon, and set via setfilecon.
> 
>> However, on disk, the context is stored as an extended attribute, which are
>> handled via getxattr and setxattr.
> 
>> So my question is, is it practical to just use the *xattr functions to backup
>> and restore the file contexts, or do I need to perform an explicit check to
>> see if I'm running on an SELinux system and, if so, use the *filecon functions
>> instead?  I'd prefer to use the *xattr functions if at all possible, since
>> that would simplify a lot of cases, such as restoring an SELinux system from a
>> non-SELinux-aware rescue disk, but want to make sure there aren't any gotchas
>> I'm missing.
> 
> I would not make your tool know anything about SELinux.  It should just
> back up and restore all extended attributes.  SELinux is not the only
> user of xattrs and more tools in the future might use it.

Thanks - that's exactly the answer I was hoping for.

-- 
Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
    GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC
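
The approach recommended in the reply above (copy every extended attribute and keep the tool unaware of SELinux), as an added example that is not part of the original thread or of Bacula's code. The function names, the record layout and the fixed 4 KiB buffers are assumptions made for this sketch; `security.selinux` is saved and restored like any other attribute name.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/xattr.h>

/* Record layout (assumed for this example): name, NUL, native u32 length, value. */
static ssize_t put_rec(unsigned char *b, size_t cap, size_t off,
                       const char *name, const void *val, uint32_t vlen) {
    size_t nlen = strlen(name) + 1;
    if (off > cap || cap - off < nlen + 4 + (size_t)vlen) return -1;
    memcpy(b + off, name, nlen);
    memcpy(b + off + nlen, &vlen, 4);
    memcpy(b + off + nlen + 4, val, vlen);
    return (ssize_t)(off + nlen + 4 + vlen);
}
/* Parse one record at *off: 1 = got one, 0 = end of stream, -1 = truncated. */
static int get_rec(const unsigned char *b, size_t len, size_t *off,
                   const char **name, const unsigned char **val, uint32_t *vlen) {
    if (*off >= len) return *off == len ? 0 : -1;
    const unsigned char *nul = memchr(b + *off, 0, len - *off);
    if (!nul || (size_t)(b + len - nul - 1) < 4) return -1;
    memcpy(vlen, nul + 1, 4);
    if ((size_t)(b + len - nul - 5) < *vlen) return -1;
    *name = (const char *)(b + *off); *val = nul + 5;
    *off = (size_t)(nul + 5 - b) + *vlen;
    return 1;
}
/* Save every xattr on path (symlinks not followed); bytes used, or -1 on error. */
ssize_t xattr_backup(const char *path, unsigned char *out, size_t cap) {
    char names[4096]; unsigned char val[4096];   /* larger lists/values fail with ERANGE */
    ssize_t off = 0, n = llistxattr(path, names, sizeof names);
    if (n < 0) return errno == ENOTSUP ? 0 : -1; /* no xattr support: nothing to save */
    for (char *p = names; p < names + n; p += strlen(p) + 1) {
        ssize_t v = lgetxattr(path, p, val, sizeof val);
        if (v < 0) return -1;
        if ((off = put_rec(out, cap, (size_t)off, p, val, (uint32_t)v)) < 0) return -1;
    }
    return off;
}
/* Reapply saved attributes verbatim; returns the number set, or -1 on error. */
int xattr_restore(const char *path, const unsigned char *in, size_t len) {
    const char *name; const unsigned char *val; uint32_t vlen;
    size_t off = 0; int r, count = 0;
    while ((r = get_rec(in, len, &off, &name, &val, &vlen)) == 1) {
        if (lsetxattr(path, name, val, vlen, 0) < 0) return -1;
        count++;
    }
    return r < 0 ? -1 : count;
}
```

Writing `security.*` and `trusted.*` names generally needs a privileged restore process, so a -1 from `xattr_restore` with `errno` set to `EPERM` is the failure to check for first.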



