Re: [Bacula-users] Backup xattrs (SELinux)?

Wed, 04 Jan 2006 12:58:21 -0800 

On Wednesday 04 January 2006 20:19, Frank Sweetser wrote:
> On Wed, Jan 04, 2006 at 07:19:30PM +0100, Kern Sibbald wrote:
> > I am not an ACL expert, so could you explain to me what the difference
> > between xattrs are and "regular" Linux ACLs, which can be backed up and
> > restored by Bacula?
>
> SELinux uses a different mechanism than ACLs.  The way it works is fairly
> complex, but the relevant bit for backing up are the extended attributes.
> While I do believe that on Linux POSIX ACLs are stored on the filesystem as
> extended attributes, bacula currently uses the libacl API to get/set them.
>
> Extended attributes allow you to associate a number of arbitrary
> "key=value" pairs with a given filesystem object.  Selinux uses certain
> well-known key names.  You can use the getfattr and setfattr commands to
> look at the values on selinux enabled systems.  For example
>
> [EMAIL PROTECTED] ~]$ getfattr -d -m . /bin/ls
> getfattr: Removing leading '/' from absolute path names
> # file: bin/ls
> security.selinux="system_u:object_r:ls_exec_t\000"
>
> This is how selinux encodes that /bin/ls has an selinux context of
> system_u:object_r:ls_exec_t on disk.
>
> Make sense?

Not quite.  

I run SELinux here on my server so I have a reasonable idea (rather primitave 
though) of how it works.  Are you telling me that libacl returns only a 
subset of the possible extended attributes?   If that is the case, it seems 
to me that we should modify the Bacula ACL code to save/restore *all* the 
extended attributes.  However, maybe that is not so easy.  

Do you have any idea what the low level system calls are that get/set extended 
attributes?  (i.e. what does getfattr and setfattr use?).

-- 
Best regards,

Kern

  (">
  /\
  V_V


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to