Opened 8 years ago

Last modified 4 years ago

#387 assigned defect

Backup with SELINUX=permissive may result to restore errors due to /proc & /sys extended attributes

Reported by: kritzenthaler Owned by: bruno
Priority: low Milestone: 3.0.5
Component: mondo Version: 2.2.9.1
Severity: normal Keywords:
Cc:

Description (last modified by bruno)


This defect was observed on 2.2.9.2 (RHEL5.4). It should be the same on other distro though.

The following errors are encountered when trying to restore the backup:

setfattr: proc: Operation not supported
setfattr: sys: Operation not supported

Due to that, the GUI restore phase does not seem to finalize properly for a lambda end-user (even if it may have no other impacts).

It has been observed in the filelist-7 that /proc and /sys were backed-up with the following xattr:

# file: proc
security.selinux=0x73797374656d5f753a6f626a6563745f723a70726f635f743a733000
===
# file: sys
security.selinux=0x73797374656d5f753a6f626a6563745f723a73797366735f743a733000

Even if /proc and /sys sub-files/sub-dirs are not backed-up, we should also fully remove /proc and /sys from the backup. I guess removing it from the backup would avoid that kind of issue at restore time.

Note that the WA to set -E "/proc /sys" to exclude them did not work for me.

Attachments (6)

mindi.zip (22.0 KB) - added by kritzenthaler 8 years ago.
xattr_list.zip (3.1 KB) - added by kritzenthaler 8 years ago.
mondorestore.zip (23.8 KB) - added by kritzenthaler 8 years ago.
mondoarchive.zip (42.8 KB) - added by kritzenthaler 8 years ago.
screenshot_Errors_occured.jpg (92.1 KB) - added by kritzenthaler 8 years ago.
screenshot_End_of_Nuke_Restore.jpg (100.1 KB) - added by kritzenthaler 8 years ago.

Download all attachments as: .zip

Change History (10)

Changed 8 years ago by kritzenthaler

Changed 8 years ago by kritzenthaler

Changed 8 years ago by kritzenthaler

Changed 8 years ago by kritzenthaler

Changed 8 years ago by kritzenthaler

Changed 8 years ago by kritzenthaler

comment:1 Changed 8 years ago by bruno

  • Description modified (diff)
  • Priority changed from normal to low
  • Status changed from new to assigned

The problem with /proc and /sys is that they are mounted in the chroot into which the system is restored before attributes are set up. Which is on one hand wrong, and then on the other hand leads to wrong xattr for those dirs. Excluding them is already done in mondoarchive. But the problem is that we need them at restore time. So probably something special for those has to be done.

It should not have a big impact in term of features so I lower the priority, and may even postpone it to post 2.2.9.2.

comment:2 Changed 8 years ago by bruno

  • Milestone changed from 2.2.9.2 to 2.2.10

comment:3 Changed 6 years ago by bruno

  • Description modified (diff)

comment:4 Changed 4 years ago by bruno

  • Milestone changed from 3.1.0 to 3.0.5
Note: See TracTickets for help on using tickets.