Thanks, Frank. I'm building a new Internet-facing network, and the only server where I know I need the added protection of SELinux is my web server/SMTP relay. I don't know if FC is the same, but with RHEL4 a "targeted policy" is installed by default. A quick study of the RH doc makes me think this particular policy may be adequate for my web server, saving me a ton of work in hand-crafting a SELinux policy. But what I don't know is if this will result in "all of your files have the default selinux contexts", allowing the boot scripts to do their thing. It's going to take me some digging to figure this out. But thanks for your pointers.
BTW, although this may be heretical in this list, do you know of any commercial Linux backup solutions that fully support bare metal recovery of a SELinux-enabled system? I guess I could also look at using star from a Knoppix boot, but that's really getting out deep in left field.

--Gary Kopp

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Sweetser
Sent: Wednesday, January 04, 2006 9:55 AM
To: Gary Kopp
Cc: bacula-users@lists.sourceforge.net
Subject: Re: [Bacula-users] Backup xattrs (SELinux)?

On Wed, Jan 04, 2006 at 09:45:32AM -0700, Gary Kopp wrote:
> Searching has so far only turned up one old post in another mailing list
> suggested Bacula needed a patch to handle this, so let me ask here.
>
> Will Bacula back up and restore the xattrs (extended attributes) used by
> SELinux? My environment is RHEL4, but SELinux xattrs are common across all
> implementations AFAIK.

No, it doesn't. If all of your files have the default selinux contexts, the simplest solution is to simply ensure that on a bare metal recovery you also ensure that /.autolabel file (IIRC) is created. On FC4 at least this will cause the boot scripts to troll through / and make the contexts match those defined in the policy.

Other than that, you could probably hack up a script similar to the one listed for backing up ACLs. This could take a while on a system with a lot of files, and you would have to work a way to reapply those contexts on restore manually, but at least the data would be there.

That said, I don't suppose there happen to be any plans to backup xattrs? I'd be more than happy to volunteer to test out any code to do so.

--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Network Engineer         | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
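
The script approach mentioned in the quoted reply (save each file's SELinux context alongside the backup, then reapply it after a restore) could look like the following. This is an added example, not code from the thread or from Bacula; it assumes Linux and Python 3, and the function names and the JSON-lines manifest format are hypothetical. Writing `security.selinux` on restore requires root.

```python
import errno
import json
import os

ATTR = "security.selinux"  # xattr that holds a file's SELinux context


def read_context(path, getx=os.getxattr):
    """Return the context string for path, or None if it carries no label."""
    try:
        raw = getx(path, ATTR, follow_symlinks=False)
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None  # unlabelled file, or filesystem without xattrs
        raise
    return raw.rstrip(b"\0").decode("ascii")  # kernel returns a trailing NUL


def dump_contexts(root, getx=os.getxattr):
    """Walk root; return one JSON line per labelled entry, paths relative to root."""
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        entries += [os.path.join(dirpath, n) for n in dirnames + filenames]
    lines = []
    for path in entries:
        context = read_context(path, getx)
        if context is not None:
            rel = os.path.relpath(path, root)
            lines.append(json.dumps({"path": rel, "context": context}))
    return lines


def restore_contexts(lines, root, setx=os.setxattr):
    """Reapply saved contexts under root (as root); return paths not found."""
    missing = []
    for line in lines:
        rec = json.loads(line)
        rel = os.path.normpath(rec["path"])
        # A manifest is untrusted input once it has been through a backup store.
        if os.path.isabs(rel) or rel.split(os.sep)[0] == "..":
            raise ValueError("manifest path escapes restore root: " + rec["path"])
        target = os.path.join(root, rel)
        if not os.path.lexists(target):
            missing.append(rec["path"])
            continue
        value = rec["context"].encode("ascii") + b"\0"
        setx(target, ATTR, value, follow_symlinks=False)
    return missing
```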