From: Brian K. <br...@kr...> - 2009-07-07 23:34:45

Hi,

Is there a way to exclude xattr from dumps?

I am dump/restoring over the network via NFS and keep getting EA errors even though I have selinux disabled.

An example of an error;

    restore: ./etc/ysyconfig/network-scripts/ifcfg-eth0: EA set security.selinux:system_u:object_r:etc_t:s0 failed: Operation not supported.

I understand the NFS doesn't preserve xattr and when I do lsxattr, I get nothing in terms of extended attributes used.

My command;

    dump -f - / | restore -r -f -

Should I pipe dump to ssh or rsync to avoid NFS and xattr issues?

- Brian

From: Stelian P. <st...@po...> - 2009-07-14 18:51:35

Hi Brian,

On Tue, Jul 07, 2009 at 04:32:46PM -0700, Brian Krusic wrote:

> Is there a way to exclude xattr from dumps?

Sorry for taking so long to answer.

Unfortunately no, there is no way right now to ignore the dumping of EAs.

It would indeed be nice to have an option in dump and/or restore to inhibit the treatment of EAs.

I'm not sure I'll implement this very soon, but anyway it would be nice if you could submit an enhancement request on sourceforge, so I will not forget about this.

Thanks!

--
Stelian Pop <st...@po...>

From: Brian K. <br...@kr...> - 2009-07-14 18:56:45

Hi,

I found a solution.

Here it is;

    cd / && find . -exec setfattr -h -x security.selinux '{}' \;

This removes all selinux context data so that my dump/restores are clean and the logs don't get filled with junk.

This only works with selinux disabled of course.

- Brian

On Jul 14, 2009, at 11:51 AM, Stelian Pop wrote:

> Hi Brian,
>
> On Tue, Jul 07, 2009 at 04:32:46PM -0700, Brian Krusic wrote:
>
>> Is there a way to exclude xattr from dumps?
>
> Sorry for taking so long to answer.
>
> Unfortunately no, there is no way right now to ignore the dumping of EAs.
>
> It would indeed be nice to have an option in dump and/or restore to
> inhibit the treatment of EAs.
>
> I'm not sure I'll implement this very soon, but anyway it would be nice
> if you could submit an enhancement request on sourceforge,
> so I will not forget about this.
>
> Thanks!
>
> --
> Stelian Pop <st...@po...>

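Added example (not part of the thread or of dump/restore): before stripping labels with the command in the message above, the restore log can be checked to confirm that security.selinux is the only attribute failing, since a relabel will not bring back any other extended attribute lost over NFS. The log lines are constructed, the function names are hypothetical, and the script assumes every EA failure follows the line format quoted in the first message.

```shell
#!/bin/sh
# Added example, not part of dump/restore. Parses restore stderr lines of the form
#   restore: <path>: EA set <name>:<value> failed: <error>

# Constructed sample log (not real output from any system).
sample_log() {
    cat <<'EOF'
restore: ./etc/sysconfig/network: EA set security.selinux:system_u:object_r:etc_t:s0 failed: Operation not supported
restore: ./etc/hosts: EA set security.selinux:system_u:object_r:etc_t:s0 failed: Operation not supported
restore: ./home/brian/notes.txt: EA set user.comment:draft failed: Operation not supported
restore: ./var/log/messages: EA set security.selinux:system_u:object_r:var_log_t:s0 failed: Operation not supported
restore: ./lost+found: File exists
EOF
}

# Shared awk rule: sets name, path and err for EA failure lines, skips all others.
EA_PARSE='
{
    s = index($0, ": EA set "); e = index($0, " failed: ")
    if (s == 0 || e <= s) next
    rest  = substr($0, s + 9, e - s - 9)        # "name:value"
    colon = index(rest, ":")
    name  = (colon > 0) ? substr(rest, 1, colon - 1) : rest
    path  = substr($0, 1, s - 1); sub(/^restore: /, "", path)
    err   = substr($0, e + 9)
}'

# Print "count<TAB>attribute<TAB>error" for each failing attribute, sorted by name.
summarize_ea_failures() {
    awk "$EA_PARSE"'
    { count[name "\t" err]++ }
    END { for (k in count) printf "%d\t%s\n", count[k], k }' | sort -k2
}

# Print "attribute<TAB>path" for every failure that is NOT an SELinux label.
# Any output here means data other than SELinux contexts is being dropped.
other_ea_failures() {
    awk "$EA_PARSE"'
    name != "security.selinux" { printf "%s\t%s\n", name, path }'
}

sample_log | summarize_ea_failures
```

In practice the input would be restore's stderr captured to a file; empty output from `other_ea_failures` means only SELinux labels were refused by the target filesystem.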
From: Stelian P. <st...@po...> - 2009-07-14 19:00:11

On Tue, Jul 14, 2009 at 11:56:26AM -0700, Brian Krusic wrote:

> I found a solution.
>
> Here it is;
>
> cd / && find . -exec setfattr -h -x security.selinux '{}' \;
>
> This removes all selinux context data so that my dump/restores are
> clean and the logs don't get filled with junk.
>
> This only works with selinux disabled of course.

Right. But this also modifies your disk files, so if you ever decide to reactivate selinux it will no longer work...

--
Stelian Pop <st...@po...>

From: Brian K. <br...@kr...> - 2009-07-14 19:05:24

Actually I tested this.

When you activate selinux, it will automatically relabel the files and then one must reboot.

You can also manually relabel them.

- Brian

On Jul 14, 2009, at 11:59 AM, Stelian Pop wrote:

> On Tue, Jul 14, 2009 at 11:56:26AM -0700, Brian Krusic wrote:
>
>> I found a solution.
>>
>> Here it is;
>>
>> cd / && find . -exec setfattr -h -x security.selinux '{}' \;
>>
>> This removes all selinux context data so that my dump/restores are
>> clean and the logs don't get filled with junk.
>>
>> This only works with selinux disabled of course.
>
> Right. But this also modifies your disk files, so if you ever decide
> to reactivate selinux it will no longer work...
>
> --
> Stelian Pop <st...@po...>

From: Stelian P. <st...@po...> - 2009-07-14 19:27:31

On Tue, Jul 14, 2009 at 12:05:10PM -0700, Brian Krusic wrote:

> Actually I tested this.
>
> When you activate selinux, it will automatically relabel the files and
> then one must reboot.
>
> You can also manually relabel them.

Ah ok. You obviously know better about selinux than me :)

Stelian.
--
Stelian Pop <st...@po...>

From: Brian K. <br...@kr...> - 2009-07-14 19:33:55

Well, actually I dunno jak but thanks.

I've seen your name around the boards over the years and would have to say that you know an order of magnitude more than I.

I'll submit a feature request as tar, etc... can ignore EA fromage if one desires.

I figure that I can't be the only one doing dump/restores over NFS.

And if I am, then mebbe I am just old skewl.

- Brian

On Jul 14, 2009, at 12:27 PM, Stelian Pop wrote:

> On Tue, Jul 14, 2009 at 12:05:10PM -0700, Brian Krusic wrote:
>
>> Actually I tested this.
>>
>> When you activate selinux, it will automatically relabel the files and
>> then one must reboot.
>>
>> You can also manually relabel them.
>
> Ah ok. You obviously know better about selinux than me :)
>
> Stelian.
> --
> Stelian Pop <st...@po...>

From: <phu...@wi...> - 2009-07-14 23:10:13

> I figure that I can't be the only one doing dump/restores
> over NFS.

Restore maybe, but dump expects to read the filesystem directly AFAIK -- that's why we need a different version to handle ext2fs than for ufs.

I've always run dump on the machine where the disk being backed up actually is, and preferably with the filesystem unmounted and/or the machine in single-user mode. The output can, of course, be sent elsewhere via rmt, ssh, etc.

From: Kenneth P. <sh...@se...> - 2009-07-14 22:00:37

--On Tuesday, July 14, 2009 1:05 PM -0700 Brian Krusic <br...@kr...> wrote:

> When you activate selinux, it will automatically relabel the files and
> then one must reboot.

It will relabel some, but not all. I wouldn't expect relabeling of any files in /home, since you might customize the labeling of files in your home dir for various reasons. I know that when I had trouble with mail, I had to manually relabel mail folders in ~/mail.

From: Brian K. <br...@kr...> - 2009-07-14 22:19:30

Actually, in my version of centos 5.3 (kernel 2.6.18-128.1.16), I saw everything get labeled upon selinux activation.

Perhaps your behavior was due to an earlier kernel version?

- Brian

On Jul 14, 2009, at 3:00 PM, Kenneth Porter wrote:

> --On Tuesday, July 14, 2009 1:05 PM -0700 Brian Krusic <br...@kr...> wrote:
>
>> When you activate selinux, it will automatically relabel the files and
>> then one must reboot.
>
> It will relabel some, but not all. I wouldn't expect relabeling of any
> files in /home, since you might customize the labeling of files in your
> home dir for various reasons. I know that when I had trouble with mail, I
> had to manually relabel mail folders in ~/mail.

From: Kenneth P. <sh...@se...> - 2009-07-14 22:59:27

--On Tuesday, July 14, 2009 4:19 PM -0700 Brian Krusic <br...@kr...> wrote:

> Actually, in my version of centos 5.3 (kernel 2.6.18-128.1.16), I saw
> everything get labeled upon selinux activation.
>
> Perhaps your behavior was due to an earlier kernel version?

Was this on initial installation or later?

I didn't initially install dovecot (IMAP server) and it was failing to access individual mail folders until I manually relabeled them. This was about 2 months ago, after updating the whole system first. I did a minimal install, then used yum to pull all the packages I really needed, to get the latest of everything.

Oh, I'd copied all the home folders from an old FC2 system, so they naturally lacked any labeling at all. So perhaps disabling and re-enabling SELinux with the right magic command would have relabeled those files.

From: Brian K. <br...@kr...> - 2009-07-14 23:40:11

Actually good point.

This was later, after disabling then enabling selinux.

I also noticed that before I embarked on this whole dump/restore NFS EA issue, that some files were labeled while others of the same age weren't.

- Brian

On Jul 14, 2009, at 3:58 PM, Kenneth Porter wrote:

> --On Tuesday, July 14, 2009 4:19 PM -0700 Brian Krusic <br...@kr...> wrote:
>
>> Actually, in my version of centos 5.3 (kernel 2.6.18-128.1.16), I saw
>> everything get labeled upon selinux activation.
>>
>> Perhaps your behavior was due to an earlier kernel version?
>
> Was this on initial installation or later?
>
> I didn't initially install dovecot (IMAP server) and it was failing
> to access individual mail folders until I manually relabeled them.
> This was about 2 months ago, after updating the whole system first.
> I did a minimal install, then used yum to pull all the packages I
> really needed, to get the latest of everything.
>
> Oh, I'd copied all the home folders from an old FC2 system, so they
> naturally lacked any labeling at all. So perhaps disabling and
> re-enabling SELinux with the right magic command would have relabeled
> those files.