Am 2016-01-27 um 00:04 schrieb Uwe Menges: > On 01/26/16 12:27, Stefan G. Weichinger wrote: >> fedora tells me to use star: >> >> https://fedoraproject.org/wiki/SELinux_FAQ#How_can_I_back_up_files_from_an_SELinux_file_system.3F > > I think this is outdated, GNU tar seems to be able to preserve SELinux > contexts with GNU tar as well in the meanwhile (--selinux option, see > info pages, it's not mentioned in the man page).
Ok, this might be worth more tests after having selinux turned off or at least permissive. The --selinux option would have to be explicitly enabled in a specific dumptype? Or does amanda use it with gnu-tar anyway? >> Aside from the details here, is there a recommended howto for this? > > I think running in permissive and fixing the issues that appear in > audit.log is the way to go (by either labeling the FS correctly, or by > changing the policy). I'm a bit puzzled because you get different > SELinux messages than me. I opened a BZ for fowner capability of tar: > https://bugzilla.redhat.com/show_bug.cgi?id=1280526 (that was on F22, I > updated to F23 in the meanwhile). your bz seems without echo .. :( I don't know where our F23-systems might differ, this is a bit OT here maybe? > My current workaround is to setenforce permissive at the beginning of my > backup script and reset it to enforcing at the end. worth a try. > FWIW, there is also a bug with the F23-shipped amanda (or with perl, > someone with deeper perl knowledge than me needs to judge that): > https://bugzilla.redhat.com/show_bug.cgi?id=1262571 ack, but I am not the one, sorry ;-)
