On Tue, Mar 21, 2017 at 11:04 AM, Tom H <[email protected]> wrote: > On Tue, Mar 21, 2017 at 10:06 AM, Lars Behrens <[email protected]> wrote: >> Am 21.03.2017 um 14:05 schrieb Nico Kadel-Garcia: >>> >>> How did you "copy the system"? Tar, for example, does not carry >>> along SELinux permissions. The "star" tool can. >> >> Yes, I forgot about the SELinux permissions, you're right. >> >> I did an 'rsync -xzav --numeric-ids' >> >> Where it seems that I should have added an '-X' when selinux comes into >> play, as I have learned now. > > Thanks. I'd searched in the past for "selinux" in "man rsync" and not > found anything so I assumed that it couldn't preserve selinux > contexts. I'd also run "ldd /usr/bin/rsync" and not seen libselinux > listed. I'll have to recheck.
On Fedora 25: th@localhost ~ $ ldd /usr/bin/cp | egrep 'attr|selinux' libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f75e1f51000) libattr.so.1 => /lib64/libattr.so.1 (0x00007f75e1b43000) th@localhost ~ $ ldd /usr/bin/rsync | egrep 'attr|selinux' libattr.so.1 => /lib64/libattr.so.1 (0x00007f30e1ea9000) th@localhost ~ $ ldd /usr/bin/star | egrep 'attr|selinux' libattr.so.1 => /lib64/libattr.so.1 (0x00007f5523fea000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f5523dc3000) th@localhost ~ $ ldd /usr/bin/tar | egrep 'attr|selinux' libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fe38906e000) libattr.so.1 => /lib64/libattr.so.1 (0x00007fe388aa3000) So I assumed, wrongly, that rsync needs to be linked to libselinux for it to be able to preserve selinux labels.
