On Wednesday 04 January 2006 18:48, Gary Kopp wrote:
> Thanks, Frank.  I'm building a new Internet-facing network, and the only
> server where I know I need the added protection of SELinux is my web
> server/SMTP relay.  I don't know if FC is the same, but with RHEL4 a
> "targeted policy" is installed by default.  A quick study of the RH doc
> makes me think this particular policy may be adequate for my web server,
> saving me a ton of work in hand-crafting a SELinux policy.  

The above is probably true, *providing* you use the default RedHat file 
installation locations.

> But what I 
> don't know is if this will result in "all of your files have the default
> selinux contexts", allowing the boot scripts to do their thing.  It's going
> to take me some digging to figure this out.  But thanks for your pointers.
>
> BTW, although this may be heretical in this list, do you know of any
> commercial Linux backup solutions that fully support bare metal recovery of
> a SELinux-enabled system?  I guess I could also look at using star from a
> Knoppix boot, but that's really getting out deep in left field.

I think you are over worried about the SELinux attributes.  They are easily 
reset system wide or on a directory by directory basis with a simple command 
that could be put into a script to run after any restore ...

>
> --Gary Kopp
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Frank
> Sweetser
> Sent: Wednesday, January 04, 2006 9:55 AM
> To: Gary Kopp
> Cc: bacula-users@lists.sourceforge.net
> Subject: Re: [Bacula-users] Backup xattrs (SELinux)?
>
> On Wed, Jan 04, 2006 at 09:45:32AM -0700, Gary Kopp wrote:
> > Searching has so far only turned up one old post in another mailing list
> > suggested Bacula needed a patch to handle this, so let me ask here.
> >
> > Will Bacula back up and restore the xattrs (extended attributes) used by
> > SELinux?  My environment is RHEL4, but SELinux xattrs are common across
> > all implementations AFAIK.
>
> No, it doesn't.
>
> If all of your files have the default selinux contexts, the simplest
> solution is to simply ensure that on a bare metal recovery you also ensure
> that /.autolabel file (IIRC) is created.  On FC4 at least this will cause
> the boot scripts to troll through / and make the contexts match those
> defined in the policy.
>
> Other than that, you could probably hack up a script similar to the one
> listed for backing up ACLs.  This could take a while on a system with a lot
> of files, and you would have to work a way to reapply those contexts on
> restore manually, but at least the data would be there.
>
> That said, I don't suppose there happen to be any plans to backup xattrs?
> I'd be more than happy to volunteer to test out any code to do so.

-- 
Best regards,

Kern

  (">
  /\
  V_V
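
The thread mentions two script-based workarounds: saving the contexts alongside the backup and reapplying them by hand, or resetting them after a restore. The sketch below is an added example, not code from the thread or from Bacula; it records each file's context in a manifest before the backup and relabels only the files that differ afterwards. The manifest format and the `CTX_GET` / `CTX_SET` hook names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Manifest line: <context><TAB><path>.
# CTX_GET / CTX_SET are hypothetical hook names so the logic can be tried on
# a host without SELinux; the defaults call GNU stat(1) and chcon(1).
# Limitation: paths containing newlines are not handled.
TAB=$(printf '\t')
CTX_GET=${CTX_GET:-ctx_get_stat}
CTX_SET=${CTX_SET:-ctx_set_chcon}

ctx_get_stat()  { stat -c '%C' -- "$1"; }     # print the file's context
ctx_set_chcon() { chcon -h -- "$1" "$2"; }    # $1 = context, $2 = path

# save_contexts ROOT MANIFEST
# Run before the backup job; keep MANIFEST somewhere the job includes.
save_contexts() {
    find "$1" -xdev -print | while IFS= read -r path; do
        ctx=$("$CTX_GET" "$path") || continue   # unreadable entry: skip it
        printf '%s\t%s\n' "$ctx" "$path"
    done > "$2"
}

# restore_contexts MANIFEST
# Run after the restore. Relabels only entries whose current context differs
# from the recorded one and prints "relabeled=N missing=M", where missing
# counts paths listed in the manifest that were not restored.
restore_contexts() {
    relabeled=0
    missing=0
    while IFS="$TAB" read -r want path; do
        if [ ! -e "$path" ] && [ ! -L "$path" ]; then
            missing=$((missing + 1))
            continue
        fi
        have=$("$CTX_GET" "$path") || have=
        if [ "$have" != "$want" ]; then
            "$CTX_SET" "$want" "$path" && relabeled=$((relabeled + 1))
        fi
    done < "$1"
    printf 'relabeled=%d missing=%d\n' "$relabeled" "$missing"
}

# Typical use (paths are placeholders):
#   save_contexts /var/www /var/backup/selinux-contexts.tsv     # before backup
#   restore_contexts /var/backup/selinux-contexts.tsv           # after restore
```

Where every file carries the policy's default context, `restorecon -R` on the restored tree does the same job without a manifest; the manifest only matters for contexts that were customised with `chcon`.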


_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users