From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzdrum.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with SMTP id l5DHW53L015320 for ; Wed, 13 Jun 2007 13:32:05 -0400 Received: from neve.di.ubi.pt (jazzdrum.ncsc.mil [144.51.5.7]) by jazzdrum.ncsc.mil (8.12.10/8.12.10) with ESMTP id l5DHW2qp021504 for ; Wed, 13 Jun 2007 17:32:04 GMT Received: from sdfsdksf ([10.0.1.253]) (authenticated bits=0) by neve.di.ubi.pt (8.13.1/8.13.1) with ESMTP id l5DHbtBV032286 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for ; Wed, 13 Jun 2007 18:38:00 +0100 Message-ID: <049d01c7ade0$d28ca260$fd01000a@ubi.pt> From: "david carvalho" To: Subject: selinux backups Date: Wed, 13 Jun 2007 18:32:26 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0498_01C7ADE9.31550870" Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov This is a multi-part message in MIME format. ------=_NextPart_000_0498_01C7ADE9.31550870 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Good afternoon. Wich is the best way to make a backup of a system running lvm and = selinux ? It seems that with lvm systems, the best way is to take a snapshot (wich = seems a waste of space in a Volume Group). But with Selinux ? tar-1.15 doesn't apply = the right=20 permissions when extracting (at least of what I tested).=20 I've bee using "dump" for a while, and I tested it right now and it = preserves the "extended attributes" so it seems to be the right option = for me since the scripts I'm using, use "dump" Is it possible/preferable to use tar or star ? Thanks. Regards David ------=_NextPart_000_0498_01C7ADE9.31550870 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Good afternoon.

Wich is the best way to make a backup of a = system running=20 lvm and selinux ?

It seems that with lvm systems, the best way is = to take a=20 snapshot (wich seems a waste

of space in a Volume Group). But with Selinux = ? =20 tar-1.15 doesn't apply the right

permissions when extracting (at least of what I = tested).=20

I've bee using "dump" for a while, and I tested it right now and it = preserves the "extended attributes" so it seems to be the right option = for me=20 since the scripts I'm using, use "dump"

Is it possible/preferable to use tar or star ?

Thanks.

Regards

David

------=_NextPart_000_0498_01C7ADE9.31550870-- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Subject: Re: selinux backups From: Stephen Smalley To: david carvalho Cc: selinux@tycho.nsa.gov, Daniel J Walsh , James Antill In-Reply-To: <049d01c7ade0$d28ca260$fd01000a@ubi.pt> References: <049d01c7ade0$d28ca260$fd01000a@ubi.pt> Content-Type: text/plain Date: Wed, 13 Jun 2007 14:18:21 -0400 Message-Id: <1181758701.17547.453.camel@moss-spartans.epoch.ncsc.mil> Mime-Version: 1.0 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Wed, 2007-06-13 at 18:32 +0100, david carvalho wrote: > Good afternoon. > Wich is the best way to make a backup of a system running lvm and > selinux ? > It seems that with lvm systems, the best way is to take a snapshot > (wich seems a waste > of space in a Volume Group). But with Selinux ? tar-1.15 doesn't > apply the right > permissions when extracting (at least of what I tested). > I've bee using "dump" for a while, and I tested it right now and it > preserves the "extended attributes" so it seems to be the right option > for me since the scripts I'm using, use "dump" > Is it possible/preferable to use tar or star ? What's your distribution and release? star was the first to support preserving xattrs and selinux, dump/restore later added support, and I think that even tar now has support at least in Fedora. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Thu, 14 Jun 2007 11:49:58 +0900 To: Stephen Smalley Cc: david carvalho , selinux@tycho.nsa.gov, Daniel J Walsh , James Antill Subject: Re: selinux backups Message-ID: <20070614024958.GA19806@insanity.honto.info> References: <049d01c7ade0$d28ca260$fd01000a@ubi.pt> <1181758701.17547.453.camel@moss-spartans.epoch.ncsc.mil> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-2022-jp In-Reply-To: <1181758701.17547.453.camel@moss-spartans.epoch.ncsc.mil> From: omok@honto.info (Kazuki Omo) Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Hi, I checked some backup program for writing selinux article; http://www.atmarkit.co.jp/fsecurity/rensai/selinux202/selinux01.html (Available on next week, but it has Japanese character only.) Current dump/restore and star are supporting SELinux. If you want to use "cp", you have to use "-c" option for copying xattrs. Also, I couldn't take xattrs by "tar" and "rsync" on CentOS4.4. I didn't check "tar" on Fedora, so it might be able to take xattr. I don't know how we can take xattr with "rsync":-( Regards, OMO On Wed, Jun 13, 2007 at 02:18:21PM -0400, Stephen Smalley wrote: > On Wed, 2007-06-13 at 18:32 +0100, david carvalho wrote: > > Good afternoon. > > Wich is the best way to make a backup of a system running lvm and > > selinux ? > > It seems that with lvm systems, the best way is to take a snapshot > > (wich seems a waste > > of space in a Volume Group). But with Selinux ? tar-1.15 doesn't > > apply the right > > permissions when extracting (at least of what I tested). > > I've bee using "dump" for a while, and I tested it right now and it > > preserves the "extended attributes" so it seems to be the right option > > for me since the scripts I'm using, use "dump" > > Is it possible/preferable to use tar or star ? > > What's your distribution and release? star was the first to support > preserving xattrs and selinux, dump/restore later added support, and I > think that even tar now has support at least in Fedora. > > -- > Stephen Smalley > National Security Agency > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with > the words "unsubscribe selinux" without quotes as the message. > -- Kazuki Omo: omok@honto.info LIDS Japanese Information: Japanese: http://www.selinux.gr.jp/LIDS-JP/index.html English: http://www.selinux.gr.jp/LIDS-JP/LIDS_en/index.html Diary: http://omok.livejournal.com -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzdrum.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with SMTP id l5EAcnMd025289 for ; Thu, 14 Jun 2007 06:38:50 -0400 Received: from nospam.sws.net.au (jazzdrum.ncsc.mil [144.51.5.7]) by jazzdrum.ncsc.mil (8.12.10/8.12.10) with ESMTP id l5EAci4s022864 for ; Thu, 14 Jun 2007 10:38:47 GMT From: Russell Coker Reply-To: russell@coker.com.au To: "david carvalho" Subject: Re: selinux backups Date: Thu, 14 Jun 2007 19:08:59 +1000 Cc: selinux@tycho.nsa.gov References: <049d01c7ade0$d28ca260$fd01000a@ubi.pt> In-Reply-To: <049d01c7ade0$d28ca260$fd01000a@ubi.pt> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Message-Id: <200706141909.00957.russell@coker.com.au> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Thursday 14 June 2007 03:32, "david carvalho" wrote: > Good afternoon. > Wich is the best way to make a backup of a system running lvm and selinux ? > It seems that with lvm systems, the best way is to take a snapshot (wich > seems a waste of space in a Volume Group). But with Selinux ? tar-1.15 > doesn't apply the right permissions when extracting (at least of what I > tested). Create a file that contains zeros using most of the free space on the filesystem in question (EG dd from /dev/zero) and then unlink it. Then gzip compress the filesystem, the zero blocks will compress well. For my laptop I use cryptsetup to encrypt the LVM volumes so I can't usefully compress them (encrypted data is almost uncompressable), but this does give me encrypted backups which I consider useful. -- russell@coker.com.au http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Subject: Re: selinux backups From: Stephen Smalley To: Kazuki Omo Cc: david carvalho , selinux@tycho.nsa.gov, Daniel J Walsh , James Antill In-Reply-To: <20070614024958.GA19806@insanity.honto.info> References: <049d01c7ade0$d28ca260$fd01000a@ubi.pt> <1181758701.17547.453.camel@moss-spartans.epoch.ncsc.mil> <20070614024958.GA19806@insanity.honto.info> Content-Type: text/plain Date: Thu, 14 Jun 2007 06:56:02 -0400 Message-Id: <1181818562.17547.548.camel@moss-spartans.epoch.ncsc.mil> Mime-Version: 1.0 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Thu, 2007-06-14 at 11:49 +0900, Kazuki Omo wrote: > Hi, > > I checked some backup program for writing selinux article; > http://www.atmarkit.co.jp/fsecurity/rensai/selinux202/selinux01.html > (Available on next week, but it has Japanese character only.) > > Current dump/restore and star are supporting SELinux. > If you want to use "cp", you have to use "-c" option for copying > xattrs. > > Also, I couldn't take xattrs by "tar" and "rsync" on CentOS4.4. > I didn't check "tar" on Fedora, so it might be able to take xattr. > I don't know how we can take xattr with "rsync":-( Try rsync -X or --xattrs. Requires a modern version of rsync though. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from zombie.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id m5QJAFId021307 for ; Thu, 26 Jun 2008 15:10:15 -0400 Received: from hrndva-omtalb.mail.rr.com (jazzdrum.ncsc.mil [144.51.5.7]) by zombie.ncsc.mil (8.12.10/8.12.10) with ESMTP id m5QJAFPj013199 for ; Thu, 26 Jun 2008 19:10:15 GMT Received: from lanikea.austin.rr.com ([70.116.65.78]) by hrndva-omta02.mail.rr.com with ESMTP id <20080626191014.BCZC29555.hrndva-omta02.mail.rr.com@lanikea.austin.rr.com> for ; Thu, 26 Jun 2008 19:10:14 +0000 Message-Id: <905B4D2C-5075-465B-89D2-E320F3DAB85C@austin.rr.com> From: Nick Gray To: SELinux List Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Mime-Version: 1.0 (Apple Message framework v919.2) Subject: SELinux backups Date: Thu, 26 Jun 2008 14:10:14 -0500 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov All, I would like to speak to anyone who has worked on, has experience with, or just has a general interest in system/database backups on SELinux. I searched my mail folder going back to about 2003 and found very little said about it. I have been assigned this by the company I am working for and would like to get a little insight into what has been done so far, methods and issues encountered. Nick G. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from zombie.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id m5QKCnlN032677 for ; Thu, 26 Jun 2008 16:12:49 -0400 Received: from mail.wrs.com (jazzdrum.ncsc.mil [144.51.5.7]) by zombie.ncsc.mil (8.12.10/8.12.10) with ESMTP id m5QKCll3000303 for ; Thu, 26 Jun 2008 20:12:48 GMT Message-ID: <4863F5FB.3040601@windriver.com> Date: Thu, 26 Jun 2008 16:03:07 -0400 From: Vikram Ambrose MIME-Version: 1.0 To: Nick Gray CC: SELinux List Subject: Re: SELinux backups References: <905B4D2C-5075-465B-89D2-E320F3DAB85C@austin.rr.com> In-Reply-To: <905B4D2C-5075-465B-89D2-E320F3DAB85C@austin.rr.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Nick Gray wrote: > All, > > I would like to speak to anyone who has worked on, has experience > with, or just has a general interest in system/database backups on > SELinux. > What do you mean exactly? a) Backing up the SELinux policy store on the system? b) Backing up a system that runs SELinux? c) Backing up a database running in an SELinux environment? d) Storing system backups on an SELinux enabled filesystem? > I searched my mail folder going back to about 2003 and found very > little said about it. > > I have been assigned this by the company I am working for and would > like to get a little insight into what has been done so far, methods > and issues encountered. > > Nick G. > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to > majordomo@tycho.nsa.gov with > the words "unsubscribe selinux" without quotes as the message. -- Vikram Ambrose | Linux Products Division | WindRiver Corporation -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mummy.ncsc.mil (mummy.ncsc.mil [144.51.88.129]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id m5RKp5bV011138 for ; Fri, 27 Jun 2008 16:51:05 -0400 Received: from hrndva-omtalb.mail.rr.com (jazzhorn.ncsc.mil [144.51.5.9]) by mummy.ncsc.mil (8.12.10/8.12.10) with ESMTP id m5RKp4WT006182 for ; Fri, 27 Jun 2008 20:51:05 GMT Received: from lanikea.austin.rr.com ([70.116.65.78]) by hrndva-omta04.mail.rr.com with ESMTP id <20080627205054.LQP18182.hrndva-omta04.mail.rr.com@lanikea.austin.rr.com> for ; Fri, 27 Jun 2008 20:50:54 +0000 Message-Id: <43CBE7F1-902A-4B27-8EC1-4D03F6A2A05B@austin.rr.com> From: Nick Gray To: SELinux List In-Reply-To: <26BD11F7-FA5A-4D58-A62D-A040148278A7@austin.rr.com> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Mime-Version: 1.0 (Apple Message framework v919.2) Subject: Re: SELinux backups Date: Fri, 27 Jun 2008 15:50:53 -0500 References: <905B4D2C-5075-465B-89D2-E320F3DAB85C@austin.rr.com> <4863F5FB.3040601@windriver.com> <26BD11F7-FA5A-4D58-A62D-A040148278A7@austin.rr.com> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Jun 26, 2008, at 5:06 PM, Nick Gray wrote: > > On Jun 26, 2008, at 3:03 PM, Vikram Ambrose wrote: > >> Nick Gray wrote: >>> All, >>> >>> I would like to speak to anyone who has worked on, has experience >>> with, or just has a general interest in system/database backups on >>> SELinux. >>> >> What do you mean exactly? >> a) Backing up the SELinux policy store on the system? >> b) Backing up a system that runs SELinux? >> c) Backing up a database running in an SELinux environment? >> d) Storing system backups on an SELinux enabled filesystem? > > Yes :-) > > Primarily 2 & 3, but certainly not to exclude 1 & 4. I am interested > in a encompassing DRP. The prior system could do something akin to > an LVM snapshot and produce a bootable copy. I would like to know if > there has been any experimentation with SELinux along those lines. > Once that has been accomplished, I would move on to database backups > and incrementals. > >> >> >>> I searched my mail folder going back to about 2003 and found very >>> little said about it. >>> >>> I have been assigned this by the company I am working for and >>> would like to get a little insight into what has been done so far, >>> methods and issues encountered. >>> >>> Nick G. >>> >>> -- >>> This message was distributed to subscribers of the selinux mailing >>> list. >>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov >>> with >>> the words "unsubscribe selinux" without quotes as the message. >> >> >> -- >> Vikram Ambrose | Linux Products Division | WindRiver Corporation >> >> >> -- >> This message was distributed to subscribers of the selinux mailing >> list. >> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov >> with >> the words "unsubscribe selinux" without quotes as the message. > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.