On Thu, 2004-12-09 at 05:18, Simon Andrews wrote: > We've used dump/restore for our backups since way back in RH7.x. > Unfortunately after our recent upgrade to FC3 I'm getting a ton of > errors from it due to the extra ACLs required for selinux. > > $ more dump.09-12-04.log > DUMP: Date of this level 0 dump: Thu Dec 9 08:46:18 2004 > DUMP: Dumping /dev/sda6 (/) to /dev/nst0 > DUMP: Label: / > DUMP: Writing 10 Kilobyte records > DUMP: mapping (Pass I) [regular files] > DUMP: mapping (Pass II) [directories] > DUMP: estimated 401819 blocks. > DUMP: Volume 1 started with block 1 at: Thu Dec 9 08:46:19 2004 > DUMP: dumping (Pass III) [directories] > DUMP: ACLs in inode #12 won't be dumped > DUMP: ACLs in inode #102 won't be dumped > DUMP: ACLs in inode #142 won't be dumped > DUMP: ACLs in inode #143 won't be dumped > DUMP: ACLs in inode #144 won't be dumped > DUMP: ACLs in inode #146 won't be dumped > DUMP: ACLs in inode #148 won't be dumped > DUMP: ACLs in inode #191 won't be dumped > DUMP: ACLs in inode #200 won't be dumped > DUMP: ACLs in inode #207 won't be dumped > DUMP: ACLs in inode #208 won't be dumped > DUMP: ACLs in inode #212 won't be dumped > > [and a LOAD more of these] > > So a few questions: > > Is there an option for dump which will fix this (I couldn't find > anything which looked useful in the man page)? > > Is this a bug? > > Am I going to have to look for another backup solution? If so what > other programs do correctly handle ACLs? Tar? Cpio? I don't know if there is a patch for dump/restore to deal with extended attributes, but star handles them. star can preserve extended attributes, including SELinux file contexts. IIRC, the usage is something like the following: Creating an archive with attributes included: star -Hxustar -xattr -c -f foo.tar /path/to/dir Expanding an archive and preserving attributes from it: star -xattr -x -f foo.tar However, if you don't expect to customize your file contexts, you may choose to not back them up at all, and just run restorecon on files when you restore them to reset their contexts based on the file_contexts configuration. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency