Arno Lehmann wrote:
>>> In any case, resetting the SELinux attributes is rather trivial ...
>> This is something I have to do. And could dedicate paid time to it, if I
>> feel that is going somewhere.
>
> Surely.
>
>> I have read that Amanda handles SELinux, but the information regarding
>> that is cryptic as well.
>
> As Amanda relies on dump or tar to do actual backups, you end up with the
> question of those handle the xattribs. dump usually does, regarding tar I'm
> unsure. the tar info and man pages on my system don't talk about that.
In the case of tar at least, the main upstream version is not selinux aware.
RedHat/Fedora ship with a version that has been patched to handle xattr
support, which should be helpful. I can dig up the patch from the tar that
Fedora ships if anyone is interested.
>> I would rather use Bacula if possible.
>
> Very nice objective, so I'll see if I can provide some pointers.
>
>> Would like to discuss this with other interested parties, off-line if
>> necessary
>
> For now, let's keep this on-line. I believe others will be interested, too.
>
>
> First of all, I would recommend simply testing what happens when you back
> up files with extended attributes. Of course you shoud set "ACL Support =
> Yes" in your fileset.
>
> ACLs should be backed up and restored correctly.
>
> Then try some generic xattribs. If those are not saved and restored, you
> know where to start digging.
>
> Finally, run tests with SELinux related data in xattribs.
>
> In the end, you should know if xattrib support is complete, partially
> implemented, or totally non-existent.
>
> Once you know that, try to get other users with different platforms to
> confirm - you'll need an overview about what happens with different OSes
> and file systems as it's probably not a good idea to limit your (possible)
> work to few platforms.
>
> After you did all this, sum up your findings and start discussing them and
> what you'd like to see at bacula-devel. You'll probably find helpful advice
> there.
>
> In the meantime, it wouldn't hurt at all if you checked out the source from
> the svn repository and start digging through it - you'll need some
> understanding of it soon (hopefully :-)
>
> Does that sound useable?
>
> (By the way - I believe that SELinux is not widely used as it's complicated
> to use effectively. Actually, none of my customers uses it, and I assume
> they've got their reasons...)
It's not incredibly widely used across different distributions, but it's
seeing more and more use in RedHat and Fedora ones. A lot of work has been
done on making it usable as well as secure in the last couple of years. The
first pass had a well deserved reputation for making a system secure by making
it unusable, but recent versions are actually pretty good about "just working"
out of the box, and come with far, far better troubleshooting and
configuration tools.
--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Senior Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|