On Wed, 2006-04-26 at 14:14 -0700, Kayvan A. Sylvan wrote: > Hi folks, > > I am trying again. I haven't gotten an answer that works yet and hoping that > people who know more about SELinux and Fedora can see this and suggest > a solution (or at least a way to investigate). > > My goal: To be able to reszie a partition (or rearrange filesystems) without > losing any data or meta-data. > > parted is useless, since it won't handle the xattr filesystem data. > > I used dump to create a filesystem backup, then used the FC5 Install DVD > to go into rescue mode and restore the dump. That seem to work okay for > the file data. However, for each and every file, I get the message: > > restore: lsetxattr ./filename_being_restored failed: Invalid argument > > Using "ls -Z", I see that all the files end up being unlabeled (or they > are in the unlabeled_t context). > > These files were all set up in Fedora FC4, using the targeted policy. Ok, so the problem here is that dump is saving the raw attribute values (which lack the MLS field since they came from FC4) and then calling lsetxattr() with those raw attribute values, and the FC5 kernel is then rejecting them since they lack the field. Related to: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189845 If restore instead used lsetfilecon(3), the attribute would be extended appropriately. Short term workaround for you would be to run restorecon on the filesystem after restoring it to fix up the labels. > I have also tried using "star" with the following args: > > star -v -c -xdev -sparse -acl -link-dirs level=0 -wtardumps \ > f=root.star -C / . > > And then, when booted into the rescue mode, did the following to extract: > > star -xpU -restore f=root.star Did you try following the instructions in the SELinux FAQ: http://fedora.redhat.com/docs/selinux-faq-fc5/#id2978236 In particular, using -xattr and -H=exustar options. -acl is specific to POSIX ACLs I believe. > This produced the same result. The files end up being unlabeled. > > I am wondering if I have to have the same SELinux policy loaded while > in the rescue mode in order to avoid the "lsetxattr: invalid argument" > error? How would I go about doing that? -- Stephen Smalley National Security Agency
