Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] SELinux xattrs

2008-07-29 03:38:13
Subject: Re: [Bacula-users] SELinux xattrs
From: Arno Lehmann <al AT its-lehmann DOT de>
To: bacula-users AT lists.sourceforge DOT net
Date: Tue, 29 Jul 2008 09:37:56 +0200 
Hi,

29.07.2008 04:13, Nick Gray wrote:
> All,
> 
> New to list, looking for a good solution to backing up SELinux systems with 
> MLS policies.

Definitely an interesting task.

> The last reference I can find to SELinux in the Bacula-Users list is dated 20 
> Feb 2007.
> 
> The reference was non-committal at best (see below). Is anyone working 
> with/on/using this.
> 
> 
>>On Tuesday 20 February 2007 07:54, Florin Andrei wrote:
>>> With v2.0.2 on a recent Linux distro that supports SELinux, if I do a
>>> restore from a backup, will the SELinux attributes of the files be
>>> restored too?
>>>
>>> Is there any connection between SELinux attributes and "aclsupport = yes" ?
>>
>>I would like to know the answer when you figure it out.
>>
>>However, my best guess is that if you set ACL Support = yes, the SELinux 
>>attributes will be saved/restores since, unless I am mistaken, SELinux uses 
>>POSIX attributes.

That at least is what I know, too.

>>In any case, resetting the SELinux attributes is rather trivial ...
> 
> This is something I have to do. And could dedicate paid time to it, if I feel 
> that is going somewhere.

Surely.

> I have read that Amanda handles SELinux, but the information regarding that 
> is cryptic as well.

As Amanda relies on dump or tar to do actual backups, you end up with 
the question of those handle the xattribs. dump usually does, 
regarding tar I'm unsure. the tar info and man pages on my system 
don't talk about that.

> I would rather use Bacula if possible.

Very nice objective, so I'll see if I can provide some pointers.

> Would like to discuss this with other interested parties, off-line if 
> necessary

For now, let's keep this on-line. I believe others will be interested, 
too.

First of all, I would recommend simply testing what happens when you 
back up files with extended attributes. Of course you shoud set "ACL 
Support = Yes" in your fileset.

ACLs should be backed up and restored correctly.

Then try some generic xattribs. If those are not saved and restored, 
you know where to start digging.

Finally, run tests with SELinux related data in xattribs.

In the end, you should know if xattrib support is complete, partially 
implemented, or totally non-existent.

Once you know that, try to get other users with different platforms to 
confirm - you'll need an overview about what happens with different 
OSes and file systems as it's probably not a good idea to limit your 
(possible) work to few platforms.

After you did all this, sum up your findings and start discussing them 
and what you'd like to see at bacula-devel. You'll probably find 
helpful advice there.

In the meantime, it wouldn't hurt at all if you checked out the source 
from the svn repository and start digging through it - you'll need 
some understanding of it soon (hopefully :-)

Does that sound useable?

(By the way - I believe that SELinux is not widely used as it's 
complicated to use effectively. Actually, none of my customers uses 
it, and I assume they've got their reasons...)

Arno

> --
> 
> Nick Gray
> 
> Magitek LTD.
> 
> 
> ------------------------------------------------------------------------
> 
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Bacula-users mailing list
> Bacula-users AT lists.sourceforge DOT net
> https://lists.sourceforge.net/lists/listinfo/bacula-users

-- 
Arno Lehmann
IT-Service Lehmann
www.its-lehmann.de

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Multiple tape drives, John Drescher
Next by Date:  Re: [Bacula-users] SELinux xattrs, Tilman Schmidt
Previous by Thread:  [Bacula-users] SELinux xattrs, Nick Gray
Next by Thread:  Re: [Bacula-users] SELinux xattrs, Tilman Schmidt
Indexes:  [Date] [Thread] [Top] [All Lists]