On Fri, 27 Jan 2006 12:15:54 -0800, dean gaudet wrote:
>> dumb selinux question... does rdiff-backup have permissions to read all
>> the attributes? i assume selinux has some way of controlling that...

root can read the contexts, e.g. with "ls -lZ" (note the Z); I don't know exactly how it's done (behind the scenes).

> also further dumb selinux question... i wonder if rdiff-backup's
> filesystem capabilities detection code is getting errors because selinux
> is preventing it from testing extended attributes... you might try
> running with a -vN for some N>4 to get more verbose logging.

"rdiff-backup -v 4 /var/lib/rpm /root/test/rpm" yields:

=================================================================
ACLs not supported by filesystem at /var/lib/rpm
-----------------------------------------------------------------
Detected abilities for source (read only) file system:
  Access control lists                         Off
  Extended attributes                          On
  Mac OS X style resource forks                Off
  Mac OS X Finder information                  Off
-----------------------------------------------------------------
Extended attributes not supported by filesystem at test/rpm/rdiff-backup-data/rdiff-backup.tmp.0
ACLs not supported by filesystem at test/rpm/rdiff-backup-data/rdiff-backup.tmp.0
-----------------------------------------------------------------
Detected abilities for destination (read/write) file system:
  Characters needing quoting                   ''
  Ownership changing                           On
  Hard linking                                 On
  fsync() directories                          On
  Directory inc permissions                    On
  High-bit permissions                         On
  Access control lists                         Off
  Extended attributes                          Off
  Mac OS X style resource forks                Off
  Mac OS X Finder information                  Off
-----------------------------------------------------------------
Starting mirror /var/lib/rpm to test/rpm
=================================================================

In this test, I'm backing up on the same system (and even on the same file system), as root. I'm not 100% sure of what the file system _really_ permits, but it's strange that the value of "Extended attributes" differs. And I find it strange that ACLs aren't seen as supported, but I'll have to look closer into it (it could be that I need to do something to turn them on).

> and for restores it would certainly need to be able to recreate all
> selinux attributes -- a privilege level which is almost certainly not
> the default for all binaries even when run as root...

Well, I can easily use the "chcon" utility as root, so nothing should prevent the same kind of operation when restoring. But at this point, I'm mostly interested in finding out why rdiff-backup isn't recording the security context values in the metadata database.

-- 
Greetings from Troels Arvin
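
Added example, not part of the original message or of rdiff-backup: a small Python check that parses the "Detected abilities" blocks of the -v4 output quoted above and lists every ability reported On for the source but Off for the destination, which is the mismatch the message points out for "Extended attributes" (SELinux contexts are stored in the security.selinux extended attribute). The function names are hypothetical, and the sample text is the output from the message with the destination block abridged.

```python
import re

# Output quoted from the message above (destination block abridged).
SAMPLE = """\
Detected abilities for source (read only) file system:
  Access control lists                         Off
  Extended attributes                          On
  Mac OS X style resource forks                Off
  Mac OS X Finder information                  Off
-----------------------------------------------------------------
Extended attributes not supported by filesystem at test/rpm/rdiff-backup-data/rdiff-backup.tmp.0
-----------------------------------------------------------------
Detected abilities for destination (read/write) file system:
  Ownership changing                           On
  Hard linking                                 On
  Access control lists                         Off
  Extended attributes                          Off
-----------------------------------------------------------------
"""

HEADER = re.compile(r"Detected abilities for (source|destination) \(.*\) file system:")
ABILITY = re.compile(r"^\s*(\S.*?)\s+(On|Off)\s*$")

def parse_abilities(log_text):
    """Return {'source': {name: bool}, 'destination': {name: bool}}."""
    result = {"source": {}, "destination": {}}
    side = None
    for line in log_text.splitlines():
        m = HEADER.search(line)
        if m:
            side = m.group(1)
            continue
        if set(line.strip()) <= {"-", "="}:  # separator or blank line ends a block
            side = None
            continue
        m = ABILITY.match(line)
        if side and m:
            result[side][m.group(1)] = (m.group(2) == "On")
    return result

def metadata_at_risk(log_text):
    """Abilities detected On for the source but Off (or absent) for the destination."""
    a = parse_abilities(log_text)
    return sorted(name for name, on in a["source"].items()
                  if on and not a["destination"].get(name, False))

if __name__ == "__main__":
    for name in metadata_at_risk(SAMPLE):
        print("source has it, destination cannot store it:", name)
```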
