Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] SELinux xattrs

2008-07-29 07:17:43
Subject: Re: [Bacula-users] SELinux xattrs
From: Frank Sweetser <fs AT WPI DOT EDU>
To: Arno Lehmann <al AT its-lehmann DOT de>
Date: Tue, 29 Jul 2008 07:17:28 -0400 
Arno Lehmann wrote:
> Hi,
> 
> 29.07.2008 12:51, Frank Sweetser wrote:
>> Arno Lehmann wrote:
>>>>> In any case, resetting the SELinux attributes is rather trivial ...
>>>> This is something I have to do. And could dedicate paid time to it, if I
>>>> feel that is going somewhere.
>>> Surely.
>>>
>>>> I have read that Amanda handles SELinux, but the information regarding
>>>> that is cryptic as well.
>>> As Amanda relies on dump or tar to do actual backups, you end up with the
>>> question of those handle the xattribs. dump usually does, regarding tar I'm
>>> unsure. the tar info and man pages on my system don't talk about that.
>> In the case of tar at least, the main upstream version is not selinux aware.
>> RedHat/Fedora ship with a version that has been patched to handle xattr
>> support, which should be helpful.  I can dig up the patch from the tar that
>> Fedora ships if anyone is interested.
> 
> That points us at one other problem with Amandas approach: No platform 
> independenca. A backup done with dump on a Sun can be practically 
> useless if you need to restore to a Windows or linux box... Similarly, 
> xattrs captured by a patched tar don't help you much if you've got to 
> restore to a newly installed replacement system.

Indeed - the only way I'd feel even remotely comfortable using Amandas backup
methodology would be to use a dedicated copy of GNU tar or cpio to ensure
consistency.  Once you get outside of the Linux/*BSD world, there are too many
weird vendor quirks that could make life interesting in an uncomfortable way.

> I still see the advice to disable SELinux if third party applications 
> don't work on RH quite often... In fact I always wonder why people 
> install and use SELinux if they're not capable of managing it, but 
> that's another story...

Indeed.  Let's just be grateful that Bacula only has to concern itself with a
very small and simple portion of SELinux to work =)

-- 
Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
    GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] waiting for higher priority jobs to finish, Arno Lehmann
Next by Date:  [Bacula-users] CentOS EPEL 2.0.3-10.el5.x86_64 upgrade 2.4.1-1.el5.x86_64.rpm, Keith Sudbury
Previous by Thread:  Re: [Bacula-users] SELinux xattrs, Arno Lehmann
Next by Thread:  Re: [Bacula-users] SELinux xattrs, Chris Hoogendyk
Indexes:  [Date] [Thread] [Top] [All Lists]