Copying files without losing selinux context

Daniel J Walsh dwalsh at redhat.com
Sun Oct 11 11:17:59 UTC 2015



On 10/10/2015 05:07 AM, Suvayu Ali wrote:
> Hi Rejy,
>
> On Sat, Oct 10, 2015 at 12:31:59PM +0530, Rejy M Cyriac wrote:
>> On 10/08/2015 06:35 PM, Suvayu Ali wrote:
>>> Yesterday I installed a new SSD in my laptop.  I moved all my files
>>> (/home, /var, /opt) with rsync and rebooted.  However I see the selinux
>>> filecontexts are wrong, and many services are failing because of that,
>>> e.g. the user crontab doesn't load.
>>>
>>>   # ls -Z /var/spool/cron/user
>>>   unconfined_u:object_r:var_spool_t:s0 /var/spool/cron/user
>>>
>>> I did an autorelabel on boot, I also ran `restorecon -p -r /var',
>>> neither helped.  To get the crontab working, I had to change the context
>>> by hand.
>>>
>>>   # chcon --reference=/old/part/spool/cron/user /var/spool/cron/user
>>>   # ls -Z /var/spool/cron/user 
>>>   unconfined_u:object_r:user_cron_spool_t:s0 /var/spool/cron/user
>>>
>>> I would like to know how I can fix the rest, and what I should have used
>>> to do the copy in the first place.  I guess `cp -c' would work, but then
>>> I wouldn't have the ability to resume the transfer.
>> The following would have retained the SELinux contexts
>>
>> rsync with the --xattrs option
>> tar with the --selinux or --xattrs option
> Thanks a lot!  I'll remember this for the future.  Is there any simple
> way to restore the contexts now, after the fact?  If not, maybe
> something like the command below?
>
>   # cd /old && find . -exec chcon --reference=\{\} /var/\{\} \;
>
> Cheers,
>
If you are moving content around you should reset the default labeling. 
In this case you could do something like

# semanage fcontext -a -e /var /old
# restorecon -R -v /old

Which would make your labels survive a relabel
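
Added example, not part of the original message: a way to check a copied tree for the kind of label drift described in the thread, by comparing two saved listings in the "context path" format that `ls -dZ` prints. The function names, the listing file names and the sample listings are assumptions constructed for illustration; only the two cron contexts come from the thread.

```shell
#!/bin/sh
# Added example: compare SELinux types between an original tree and its copy.
# Input files hold "context path" lines, the format `ls -dZ` prints.

# label_drift OLD_ROOT NEW_ROOT OLD_LIST NEW_LIST
# Prints "path expected_type actual_type" for each copied path whose type
# differs from the original; exit status 1 when any drift is found.
label_drift() {
    awk -v old="$1" -v new="$2" '
        function seltype(c,   f) { split(c, f, ":"); return f[3] }
        {
            sub(/^[ \t]+/, "")                  # tolerate indented listings
            ctx = $1
            path = $0
            sub(/^[^ \t]+[ \t]+/, "", path)     # keep paths that contain spaces
        }
        FNR == NR {                             # first file: original tree
            if (index(path, old "/") == 1)
                want[substr(path, length(old) + 1)] = seltype(ctx)
            next
        }
        index(path, new "/") == 1 {             # second file: copied tree
            rel = substr(path, length(new) + 1)
            if ((rel in want) && want[rel] != seltype(ctx)) {
                print path, want[rel], seltype(ctx)
                drift = 1
            }
        }
        END { exit drift + 0 }
    ' "$3" "$4"
}

# Constructed sample listings; the cron lines mirror the contexts in the thread.
sample_listings() {
    cat > "$1/old.lst" <<'EOF'
unconfined_u:object_r:user_cron_spool_t:s0 /old/part/spool/cron/user
system_u:object_r:mail_spool_t:s0 /old/part/spool/mail/user
EOF
    cat > "$1/new.lst" <<'EOF'
unconfined_u:object_r:var_spool_t:s0 /var/spool/cron/user
system_u:object_r:mail_spool_t:s0 /var/spool/mail/user
EOF
}

tmp=$(mktemp -d)
sample_listings "$tmp"
label_drift /old/part /var "$tmp/old.lst" "$tmp/new.lst" || echo "drift found"
rm -rf "$tmp"
```

Only the SELinux type field is compared, so differences in user, role or level are not reported.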
