Backing up and restoring SELinux file contexts
Frank Sweetser
fs at WPI.EDU
Wed Sep 17 15:52:32 UTC 2008
I'm looking at helping to extend the Bacula backup system to handle SELinux
file contexts, and I wanted to make sure I'm going down the right path.
Now as I understand it, the context associated with a file on disk can be
retrieved via getfilecon, and set via setfilecon.
However, on disk, the context is stored as an extended attribute, which are
handled via getxattr and setxattr.
So my question is, is it practical to just use the *xattr functions to backup
and restore the file contexts, or do I need to perform an explicit check to
see if I'm running on an SELinux system and, if so, use the *filecon functions
instead? I'd prefer to use the *xattr functions if at all possible, since
that would simplify a lot of cases, such as restoring an SELinux system from a
non SELinux aware rescue disk, but want to make sure there aren't any gotchas
I'm missing.
--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Senior Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
More information about the selinux
mailing list