Red Hat Bugzilla – Bug 452524
Restoring selinux file context in rescue mode fails
Last modified: 2009-10-15 13:26:29 EDT
Description of problem: Restoring selinux file context in rescue mode fails with errors ( tar: selinux: Cannot setfilecon: Invalid argument ) Version-Release number of selected component (if applicable): How reproducible: create a backup with on a system running selinux then restore the backup by booting to redhat install disk1 and typing linux rescue at the prompt. Steps to Reproduce: 1. create a backup to tape using tar -cj --xattrs -f /dev/st0 (or similar) 2. boot to redhat CD and type linux rescue create the new file system 3. restore data from tape using tar -pxvf /dev/nst0 --overwrite (or similar) Actual results: Files are restored with incorrect context and error message is displayed for each file restored Expected results: Files should be restored with appropriate file context Additional info: This appears to be the result of the file context not being available in rescue mode and selinux not allowing file context that it doesn't know. I spoke with Dan Walsh at the RedHat Summit in Boston regarding this and asked me to file this bug. Not sure I choose the correct component so please redirect as appropriate.
If you type load_policy before running the tar, does it work?
Offhand, I'd say there are three options: 1) Boot from rescue CD with selinux disabled - then there is no conflict between the policy and the file contexts. 2) Boot from the rescue CD with selinux enabled, then load policy from the disk (e.g. chroot to the real root and then run load_policy from it), then extract the archive. 3) Back port the set-unknown-context support to RHEL5 kernel and leverage it for this purpose.
I think you need to use Option 1 or 2. So closing as notabug since you have work arounds.