Re: SELinux attrs
2008-07-29 14:12:22
Am 28.07.08 20:27 schrieb(en) C. Chan:
The GNU tar in RHEL 5 seems to have been patched to allow backing up
ACLs and XATTRs.
Ah! *That* was a good hint! I'm running Ubuntu, and the gtar coming
with it doesn't have support for it.
So here's a short compilation of the steps to get Amanda 2.5.2p1
(coming with Ubuntu) happily back up and restore xattrs...
First, check if your version of GNU tar supports xattrs. If you use
recent RHEL (e.g. 5) or Fedora (e.g. 9) systems, you tar has already
been patched. However, on Ubuntu and probably Debian, it isn't... You
can check your tar by trying the "--xattr" flag. If it says
<snip>
$ tar --xattr
tar: unrecognized option `--xattr'
</snip>
then you tar does *not* support extended attributes. If it says
<snip>
$ tar --xattr
tar: You must specify one of the `-Acdtrux' options
</snip>
then you're fine! In order to get a selinux-enabled tar on Ubuntu
Hardy, I grabbed the tar source rpm for Fedora 9
(tar-1.19-4.fc9.src.rpm, from Updates), and built it on a FC box. I
then copied the source tree (which has the Fedora patches attached) to
my Ubuntu box, installed some missing development libs
apt-get install libselinux1-dev libacl1-dev
and then built a SELinux/extended attributes enabled tar in /opt:
<snip>
./configure --program-prefix=se --prefix=/opt --sysconfdir=/etc
--localstatedir=/var
make clean all
</snip>
The resulting patched tar will be /opt/bin/setar.
Now create a wrapper script, e.g. /usr/sbin/amgtar, to include the
"--xattr" option:
<snip>
#!/bin/sh
/opt/bin/setar --xattr "$@"
</snip>
Finally, rebuild amanda with the configure option
"--with-gnutar=/usr/sbin/amgtar" (this should be easier with 2.6, where
an application can be defined in the runtime config? Is that
correct?). In a first quick test, this /seems/ to work. I didn't test
it thoroughly, so *please* be careful if you want to go ahead with it
on a production system!
Hope this helps,
Albrecht.
pgpDnqPESjnFn.pgp
Description: PGP signature
|
|
|