Daniel J Walsh wrote:
Frank Sweetser wrote:
> I'm looking at helping to extend the Bacula backup system to handle SELinux
> file contexts, and I wanted to make sure I'm going down the right path.
> Now as I understand it, the context associated with a file on disk can be
> retrieved via getfilecon, and set via setfilecon.
> However, on disk, the context is stored as an extended attribute, which are
> handled via getxattr and setxattr.
> So my question is, is it practical to just use the *xattr functions to backup
> and restore the file contexts, or do I need to perform an explicit check to
> see if I'm running on an SELinux system and, if so, use the *filecon functions
> instead? I'd prefer to use the *xattr functions if at all possible, since
> that would simplify a lot of cases, such as restoring an SELinux system from a
> non SELinux aware rescue disk, but want to make sure there aren't any gotchas
> I'm missing.
I would not make your tool know anything about SELinux. It should just
back up and restore all extended attributes. SELinux is not the only
user of xattrs and more tools in the future might use it.
Thanks - that's exactly the answer I was hoping for.
Frank Sweetser fs at wpi.edu
| For every problem, there is a solution that
WPI Senior Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC