Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] SELinux xattrs

2008-07-29 07:12:12
Subject: Re: [Bacula-users] SELinux xattrs
From: Arno Lehmann <al AT its-lehmann DOT de>
To: bacula-users AT lists.sourceforge DOT net
Date: Tue, 29 Jul 2008 13:11:53 +0200 
Hi,

29.07.2008 12:51, Frank Sweetser wrote:
> Arno Lehmann wrote:
>>>> In any case, resetting the SELinux attributes is rather trivial ...
>>> This is something I have to do. And could dedicate paid time to it, if I
>>> feel that is going somewhere.
>> Surely.
>>
>>> I have read that Amanda handles SELinux, but the information regarding
>>> that is cryptic as well.
>> As Amanda relies on dump or tar to do actual backups, you end up with the
>> question of those handle the xattribs. dump usually does, regarding tar I'm
>> unsure. the tar info and man pages on my system don't talk about that.
> 
> In the case of tar at least, the main upstream version is not selinux aware.
> RedHat/Fedora ship with a version that has been patched to handle xattr
> support, which should be helpful.  I can dig up the patch from the tar that
> Fedora ships if anyone is interested.

That points us at one other problem with Amandas approach: No platform 
independenca. A backup done with dump on a Sun can be practically 
useless if you need to restore to a Windows or linux box... Similarly, 
xattrs captured by a patched tar don't help you much if you've got to 
restore to a newly installed replacement system.

...
>>
>> (By the way - I believe that SELinux is not widely used as it's complicated
>> to use effectively. Actually, none of my customers uses it, and I assume
>> they've got their reasons...)
> 
> It's not incredibly widely used across different distributions, but it's
> seeing more and more use in RedHat and Fedora ones.   A lot of work has been
> done on making it usable as well as secure in the last couple of years.  The
> first pass had a well deserved reputation for making a system secure by making
> it unusable, but recent versions are actually pretty good about "just working"
> out of the box, and come with far, far better troubleshooting and
> configuration tools.

I still see the advice to disable SELinux if third party applications 
don't work on RH quite often... In fact I always wonder why people 
install and use SELinux if they're not capable of managing it, but 
that's another story...

Arno

> 

-- 
Arno Lehmann
IT-Service Lehmann
Sandstr. 6, 49080 Osnabrück
www.its-lehmann.de

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] SELinux xattrs, Frank Sweetser
Next by Date:  Re: [Bacula-users] waiting for higher priority jobs to finish, Arno Lehmann
Previous by Thread:  Re: [Bacula-users] SELinux xattrs, Frank Sweetser
Next by Thread:  Re: [Bacula-users] SELinux xattrs, Frank Sweetser
Indexes:  [Date] [Thread] [Top] [All Lists]