I use rsync for most of my backups. For a restore I can rsync the files back and touch /.autorelabel to restore the SE Linux labels. That combination gets all setuid files etc, but doesn't get file capabilities.
Below is an example. Is there a good way of preserving capabilities apart from running "getcap /bin/* /sbin/* /usr/bin/* /usr/sbin/*" and storing the output? Currently /bin/ping seems to be the only commonly used program using filesystem capability flags. Also is there a way of telling Debian to restore capabilities apart from "apt-get --reinstall install iputils-ping"? root@sevm:~# cp -a /bin/ping . root@sevm:~# rsync -va /bin/ping ping2 sending incremental file list ping sent 61,328 bytes received 35 bytes 122,726.00 bytes/sec total size is 61,240 speedup is 1.00 root@sevm:~# getcap ping ping2 ping = cap_net_raw+ep root@sevm:~# -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ _______________________________________________ luv-main mailing list [email protected] https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
