On Wed, Jan 04, 2006 at 07:19:30PM +0100, Kern Sibbald wrote:
> I am not an ACL expert, so could you explain to me what the difference
> between xattrs are and "regular" Linux ACLs, which can be backed up and
> restored by Bacula?
SELinux uses a different mechanism than ACLs. The way it works is fairly
complex, but the relevant bit for backing up are the extended attributes.
While I do believe that on Linux POSIX ACLs are stored on the filesystem as
extended attributes, bacula currently uses the libacl API to get/set them.
Extended attributes allow you to associate a number of arbitrary "key=value"
pairs with a given filesystem object. Selinux uses certain well-known
key names. You can use the getfattr and setfattr commands to look at the
values on selinux enabled systems. For example
[EMAIL PROTECTED] ~]$ getfattr -d -m . /bin/ls
getfattr: Removing leading '/' from absolute path names
# file: bin/ls
security.selinux="system_u:object_r:ls_exec_t\000"
This is how selinux encodes that /bin/ls has an selinux context of
system_u:object_r:ls_exec_t on disk.
Make sense?
--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
