SELinux is preventing /bin/login...access on the file /bin/bash
Alan Stern
stern at rowland.harvard.edu
Mon Dec 12 18:37:40 UTC 2011
On Mon, 12 Dec 2011, Daniel J Walsh wrote:
> > Suppose one makes a backup using rsync. What is the proper way to
> > back up the security labels along with the data?
> >
> > I tried using rsync's -X option, which is supposed to preserve
> > extended attributes. All that happened was I got a huge set of
> > errors because rsync wasn't allowed to set the security-label
> > attribute for the newly created backup files (and this was all
> > running as root).
> >
> > Alan Stern
> >
> I think it is often best to just run a restorecon on a bunch of files
> that get restored from an archive rather then storing the security
> attributes. The reason for this, is there is a chance that the
> default security label of a file might have changed since you created
> the archive. For example if you were updating from Fedora 15 to
> Fedora 16 and backed up your home directory, restoring the Fedora 15
> labels is probably not what you want, you would want to ask the system
> how a properly labeled home directory should be and make it so.
>
> restorecon -R -v /home
>
> Would fix all of the attributes in this case.
In fact, something very much like that ended up happening. I manually
restored a few files, enough for boot to succeed, and then automatic
relabelling took care of everything else.
> In certain security sensitive environments you would want the labels
> to be stored, but I would figure in most cases people would prefer to
> have the labels match what the system expects.
>
> Why rsync was not able to maintain the labels I do not know, but you
> probably should have opened a bugzilla.
If it comes up again, I will. Thanks.
Alan Stern
More information about the users
mailing list