Bacula-users

Re: [Bacula-users] SELinux xattrs

2008-07-30 17:32:01
Subject: Re: [Bacula-users] SELinux xattrs
From: Arno Lehmann <al AT its-lehmann DOT de>
To: bacula-users AT lists.sourceforge DOT net
Date: Wed, 30 Jul 2008 23:31:33 +0200
Hi,

30.07.2008 20:19, Chris Hoogendyk wrote:
> 
> Frank Sweetser wrote:
>> Arno Lehmann wrote:
>>   
>>> Hi,
>>>
>>> 29.07.2008 12:51, Frank Sweetser wrote:
>>>     
>>>> Arno Lehmann wrote:
...
>> Indeed.  Let's just be grateful that Bacula only has to concern itself with a
>> very small and simple portion of SELinux to work =)
>>   
> 
> I'm not sure why Amanda bashing periodically rears its head on this 
> list. It seems irrelevant to the purposes of the list.

Hey, I don't think we are doing any Amanda-bashing here. I just 
pointed out one of the differences between Amanda's and Bacula's 
approach to back up data. I'm absolutely aware that both approaches 
have their disadvantages and advantages.

What Frank stated was that cross-platform portability of backed up 
data is not something Amanda ensures, but instead as a backup admin 
you need to know how to handle this - no bashing there, I think.

> If I were in a Solaris shop, and I were using Amanda, I would choose to 
> use ufsdump. I wouldn't particularly care that it was Solaris specific, 
> because that would be appropriate. Not only would I always have 
> something to recover to, but my choice for recovery would always be one 
> of my Solaris servers.

Sure. I'd probably do the same in that case (unless I needed to back 
up only parts of the file systems), but the assumption is that you 
really are in a one-OS-only shop, and that you can ensure you have 
that platform available as long as you need your backed up data.

In many cases this doesn't work, though - here in Germany, medical 
records have to be available for 30 years, for example. Bacula's 
platform-independent data format is much more convenient in such a 
scenario. On the other hand, preparing for a bare-metal restore of a 
classic unix machine is definitely easier using dump'ed file systems.

> If I were in a mixed shop with no dominant platform, then (as Frank 
> suggested) I would choose to use GNU Tar. That would give the ability to 
> recover data to whichever server I wanted. OS and installed software 
> backups would still be platform specific, and there just isn't any way 
> around that -- you can't run a Solaris SPARC binary on a Linux AMD box. 

True so far, but consider what you write below...

> Sometimes, (with a boot partition) even if you recover from one Solaris 
> SPARC box to a slightly different Solaris SPARC box, you have to go 
> through the contortions of rebuilding the device tree, etc.
> 
> If a vendor for a particular OS or distribution implements access 
> controls or extended attributes that are different from other OS's or 
> distributions (say Redhat distributing SELinux, or the MacOSX additions 
> to BSD), then that has to be dealt with somehow. Since the vendor 
> includes tools like dump or gnutar in their distribution, they need to 
> modify or patch those to work with their extensions, if necessary, 
> otherwise their distribution is arguably broken. If the vendor does 
> their job, then Amanda just works.

... because I cannot trust the vendors to do their jobs:

tar --xattrs cvf /tmp/test.tar apctest.output
tar: unrecognized option `--xattrs'
Try `tar --help' or `tar --usage' for more information.

and

tar --version
tar (GNU tar) 1.17

and

uname -a
Linux neuelf 2.6.22.18-0.2-default #1 SMP 2008-06-09 13:53:20 +0200 
x86_64 x86_64 x86_64 GNU/Linux

and

cat /etc/SuSE-release
openSUSE 10.3 (X86-64)
VERSION = 10.3

i.e., not exactly outdated.

> Whether the vendor does their job or 
> not, Bacula developers have to re-invent those code changes to capture 
> the access controls and extended attributes. That has in some instances 
> resulted in delays and periods of time when Bacula does not back up 
> those features and people have to develop workarounds. This can be done, 
> and has been described on the list; but, nevertheless, it is extra work 
> and effort.

Yes.

> As for recovering from one platform to another, there are posix 
> standards for extended attributes and acl's. With GNU Tar, you can 
> specify that you want to capture extended attributes (and it is SELinux 
> aware, see http://linux.die.net/man/1/tar and look for --xattrs), and 
> you can also specify that you want a posix (or pax) archive. Your 
> individual platforms still need to support those, if you expect to 
> recover them, but that's completely separate from what tool you choose 
> to back them up with.

Well, translating from one system of extended attributes and ACLs to 
the other is definitely something on my wish list ;-)

> If you recover to a platform that doesn't support 
> them, you will lose the attributes and perhaps be violating company 
> security policies in some instances.

Actually, I'm more worried about cross-platform data portability, i.e. 
what do I do if I have backup data from a sun and need to restore to a 
windows machine? I don't think that's easily done using dump'ed 
filesystems (where I usually have a consistent file system plus all 
attributes); tar archives are easier regarding portability, but - as 
we see above - often lack support for additional metadata (not to 
mention some seriously limited tars provided by unix vendors - that's 
not something I know about myself).

Anyway, I'm quite sure that Bacula approaches these issues much more 
successfully than Amanda - for me, or rather, my customers.
I'm also quite sure that, with a different set of requirements, Amanda 
would be the better tool.

Arno

> 
> ---------------
> 
> Chris Hoogendyk
> 
> -
>    O__  ---- Systems Administrator
>   c/ /'_ --- Biology & Geology Departments
>  (*) \(*) -- 140 Morrill Science Center
> ~~~~~~~~~~ - University of Massachusetts, Amherst 
> 
> <hoogendyk AT bio.umass DOT edu>
> 
> --------------- 
> 
> Erdös 4
> 
> 
> 
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Bacula-users mailing list
> Bacula-users AT lists.sourceforge DOT net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
> 

-- 
Arno Lehmann
IT-Service Lehmann
Sandstr. 6, 49080 Osnabrück
www.its-lehmann.de
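
The failed `tar --xattrs` run in the message above shows how a tar-based backup can end up without SELinux labels. As an added example (not part of the original mail), this Python check reads a pax-format tar archive and lists the members that carry no stored SELinux context. The pax header keys are the ones newer GNU tar releases write for `--selinux` and `--xattrs`, and the sample archive is constructed in memory.

```python
import io
import tarfile

# pax extended-header keys that newer GNU tar releases write for
# --selinux and --xattrs (assumption: not taken from the original mail).
SELINUX_KEYS = ("RHT.security.selinux", "SCHILY.xattr.security.selinux")


def selinux_label(member):
    """Return the SELinux context stored for a tar member, or None."""
    for key in SELINUX_KEYS:
        value = member.pax_headers.get(key)
        if value:
            return value.rstrip("\x00")
    return None


def audit_archive(fileobj):
    """Map each member name to its stored SELinux label (None if missing)."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        return {m.name: selinux_label(m) for m in tar.getmembers()}


def unlabeled(report):
    """Names of members that would be restored without a label."""
    return sorted(name for name, label in report.items() if label is None)


def build_sample_archive():
    """Constructed sample: one member with a label, one without."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for name, headers in (
            ("etc/shadow", {"RHT.security.selinux": "system_u:object_r:shadow_t:s0"}),
            ("apctest.output", {}),
        ):
            data = b"constructed sample data\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.pax_headers = headers
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    report = audit_archive(build_sample_archive())
    for name, label in sorted(report.items()):
        print(f"{name}: {label or 'NO SELINUX LABEL'}")
    print("unlabeled:", unlabeled(report))
```

Run against a real backup by passing an opened archive file to `audit_archive`; a non-empty `unlabeled` list means a restore would fall back to default labels for those files.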
