Re: Restore backup to KVM
Hi.
On Mon, Sep 25, 2017 at 09:05:25PM +0200, solitone wrote:
> On 24/09/17 11:51, Reco wrote:
> > ACLs are easy. Even tar(1) knows them.
> > It's things like these that give you headache:
> >
> > $ /sbin/getcap /bin/ping
> > /bin/ping = cap_net_raw+ep
> >
> > # lsattr /etc/resolv.conf
> > ----i---------e---- /etc/resolv.conf
> >
> > # getfattr -d /var/log/messages
> > # file: var/log/messages
> > user.name="main system log"
> >
> > # ls -alZ .bashrc
> > -rw-r--r--. root root system_u:object_r:admin_home_t:s0 .bashrc
> >
> > If you have any of these in your source system, but don't have in target
> > one - your backup is invalid, consider changing tool you're using.
> > Note that these are just the examples, there can be other files like
> > this.
>
> Is there anything like this in the standard debian configuration? I haven't
> set any.
setcap should be there:
$ grep -c setcap /var/lib/dpkg/info/*postinst | grep -v 0$
/var/lib/dpkg/info/iputils-ping.postinst:3
/var/lib/dpkg/info/iputils-tracepath.postinst:2
/var/lib/dpkg/info/wireshark-common.postinst:2
SELinux labels will be there if you have it installed, but SELinux has
optional priority.
'chattr +i /etc/resolv.conf' is a popular measure at this list.
setfattr is exotic.
Reco
Reply to: