SELinux errors using rsync to backup /

Support for security such as Firewalls and securing linux
Post Reply
Luni
Posts: 2
Joined: 2014/04/13 08:19:49

SELinux errors using rsync to backup /

Post by Luni » 2014/04/13 08:46:47

Hello,

I have a home server running CentOS 6.5 which is comprised of 1 OS disk and 5 other disks as part of a software Raid 5. The raid is mounted at /raid. All filesystems are ext4.

I would like to use rsync to backup my OS disk to the raid using the following command:

Code: Select all

rsync -aAXv --delete --stats / /raid/os-backup --exclude={/raid/*,/dev/*,/proc/*,/sys/*,/tmp/*,/mnt/*,/lost+found/,/var/cache/yum/*}
However, running this I receive many errors similar to the following:

Code: Select all

...
rsync: rsync_xal_clear: lremovexattr("raid","security.selinux") failed: Permission denied (13)
...
rsync: rsync_xal_set: lsetxattr("selinux","security.selinux") failed: Permission denied (13)
rsync: rsync_xal_set: lsetxattr("selinux/access","security.selinux") failed: Permission denied (13)
rsync: rsync_xal_set: lsetxattr("selinux/checkreqprot","security.selinux") failed: Permission denied (13)
...
From some research online I've found that it's selinux protecting itself from having its attributes removed from certain folders (such as /raid). However, the hundreds of errors in /selinux/* worry me because I was under the assumption I could cp -p /raid/os-backup onto a new properly partitioned OS disk in the event I need to. I could exclude /selinux to obviously eliminate most of the errors, but then /raid/os-backup becomes only part of a CentOS install.

Am I approaching this problem correctly? If so, is there a way to resolve the rsync errors and make SELinux happy?

Thank you very much for your time.
Top
Luni
Posts: 2
Joined: 2014/04/13 08:19:49

Re: SELinux errors using rsync to backup /

Post by Luni » 2014/04/15 03:36:19

After thinking some more about this, I think it would make sense to remove the -X option from rsync. Then, in the event I have to restore the OS disk I could run the following after copying the backup over:

Code: Select all

restorecon -Fprv /
This is assuming that I've used semanage to manage all file contexts (which I have thus far). Is the -F necessary in this scenario? Would ignoring the extended attributes for the backup have any consequences that I'm unaware of?

Thank you again for your time.
Top
Post Reply

Return to “CentOS 6 - Security Support”