#44 Issue closed: SELinux support in backup code¶
Labels: enhancement, needs sponsorship
dagwieers opened issue at 2012-03-30 07:34:¶
Currently SELinux is disable for backup and we have to fix this.
- Avoid disabling selinux during backup
- add
--selinuxoption to tar and testing rsync -Xoption tests required
- add
gdha commented at 2012-04-02 06:51:¶
- reminder for myself - should publish the results of my tests done last year
bleyers commented at 2012-04-23 19:11:¶
I have the SELinux policy set on Enforce and I don't have any
problems.
The only thing i need to do after the backup (from DP) is restored is
cd /mnt/local
touch .autorelabel
Then i reboot...
dagwieers commented at 2012-04-23 21:46:¶
If I understand the issue correctly, you loose any SELinux contexts that have manually been modified because neither rsync, nor tar are actually backing up the additional SELinux metadata. I don't know whether DataProtector does it, but since you state you have to force autorelabeling, I doubt DP is doing this correctly either. And you effectively lost any manual modifications.
It is possible DP does not have SELinux support (or extended attributes). Maybe we should make the original report a bit more clear to what is affected and to what extent.
bleyers commented at 2012-04-24 13:02:¶
I don't have any real experience with SELinux, I know that it is a
security thingie that is usually enabled by default.
When I first tested REAR is couldn't get the recovered machine to work
after the reboot.
I then found that I had to relabel the files to get the recovered system
to work.
I don't have manually modified anything concerning SELinux so that's why
the force autorelabel is no problem for me.
Not having to do the relabel would be great off course..
dagwieers commented at 2012-04-24 13:06:¶
@bleyers Don't get me wrong, I value your input. For one it helps us to clarify what we still need to do, and in some cases (maybe DP ?) we may as well have to let Rear automatically relabel the filesystem(s) in order to make it boot. So any feedback to our tickets helps us stay on track and clarify what is needed (until someone comes around and implements it ;-))
dagwieers commented at 2012-06-07 13:21:¶
Relabeling my filesystem took more than 10 minutes, and any custom labels would have been lost. So this issue need to be fixed if we want to have fast and seamless restores with SELinux.
gdha commented at 2016-09-05 06:40:¶
Due to time pressure (for new release) and lack of interest of the community we push this feature forward.
gdha commented at 2016-09-07 14:47:¶
Added it to the sponsor list - close it
[Export of Github issue for rear/rear.]