rsync as backup from f11 to F10 - issues

[Mike Cloaked]

Mail Lists-3 wrote:
> 
> 
>    Cant speak for others but I do not backup selinux labels. I cannot
> speak to other attributes or ACL's.
> 
>   I think of selinux labels as belonging to the host server policy not
> the backup machine - so the policy in my mind comes from the target
> where the backups would be restored to.
> 
>   So, if you backed up /home/cloaked/foo and restored it to
> bing:/home/cloaked/foo then I would expect the labels to come from the
> policy on bing - whether or not the backup was made from bing or
> somewhere else.
> 
> 
> 
>> > How would this differ if rdiff-backup was used instead?  Since
>> > rdiff-backup is rsync based ....
> 
>   Dunno - I kind of thought rdiff-backup had better extended attribute
> handling than rsync itself and its my preferred tool anyway.
> 
>  gene/
> 
> 

Generally true - but one situation I found the backup done my way that I
liked, to include labels, was when transitioning from F10 to F11 where I had
specific labels on some files in /opt to avoid avc denials in F10.  

In order to move to F11 with ext4 what I did was to create a backup on the
external drive and included the original labelling for F10, for the entire
/opt structure.  Then when I installed F11, I allowed the installer to
format both / and /opt with ext4.  Then once the install was completed I
restored the /opt backup to the new /opt partition for F11 including the old
F10 labels, and was able to progress using the files with their old contexts
apart from an occasional need to change a context.

Presumably had I restored using rsync -aH only then the file contexts would
have been made according to the F11 current policy and not been a generic
"file_t".  Some instances would certainly not have worked such as a mail
spool area on /opt that would not have been given their correct mail related
contexts after the restore - although I don't know if the mail spool area,
once bind mounted onto the root directory mail spool, would then get their
correct contexts if I used a restorecon command on the mail spool at that
time?

I don't know if the same also would then apply to user areas residing on the
/opt/Local/home directory? Again initially the files would have incorrect
contexts restoring using rsync -aH and again once bind mounted to /home
would restorecon put the correct labels back?

-- 
View this message in context: http://www.nabble.com/rsync-as-backup-from-f11-to-F10---issues-tp24925988p24951776.html
Sent from the Fedora SELinux List mailing list archive at Nabble.com.