[Rear-users] SF.net SVN: rear:[690] trunk/usr/share/rear

gdha at users.sourceforge.net gdha at users.sourceforge.net
Fri Jul 15 10:31:56 CEST 2011


Revision: 690
          http://rear.svn.sourceforge.net/rear/?rev=690&view=rev
Author:   gdha
Date:     2011-07-15 08:31:55 +0000 (Fri, 15 Jul 2011)

Log Message:
-----------
SELinux modifications to prevent SELinux from being disabled during backup.
Be aware: the default is still to disable it - see default.conf: BACKUP_SELINUX_DISABLE=1

Modified Paths:
--------------
    trunk/usr/share/rear/backup/NETFS/default/50_make_backup.sh
    trunk/usr/share/rear/backup/RSYNC/GNU/Linux/61_start_selinux.sh
    trunk/usr/share/rear/backup/RSYNC/default/50_make_rsync_backup.sh
    trunk/usr/share/rear/conf/default.conf
    trunk/usr/share/rear/prep/RSYNC/GNU/Linux/20_selinux_in_use.sh
    trunk/usr/share/rear/restore/NETFS/default/40_restore_backup.sh
    trunk/usr/share/rear/restore/RSYNC/default/40_restore_rsync_backup.sh
    trunk/usr/share/rear/verify/NETFS/default/55_check_backup_archive.sh

Added Paths:
-----------
    trunk/usr/share/rear/backup/NETFS/GNU/Linux/30_stop_selinux.onhold
    trunk/usr/share/rear/backup/NETFS/GNU/Linux/31_stop_selinux.sh
    trunk/usr/share/rear/backup/NETFS/GNU/Linux/62_force_autorelabel.sh
    trunk/usr/share/rear/backup/RSYNC/GNU/Linux/62_force_autorelabel.sh
    trunk/usr/share/rear/prep/NETFS/GNU/
    trunk/usr/share/rear/prep/NETFS/GNU/Linux/
    trunk/usr/share/rear/prep/NETFS/GNU/Linux/20_selinux_in_use.sh

Removed Paths:
-------------
    trunk/usr/share/rear/backup/NETFS/GNU/Linux/30_stop_selinux.sh

Copied: trunk/usr/share/rear/backup/NETFS/GNU/Linux/30_stop_selinux.onhold (from rev 688, trunk/usr/share/rear/backup/NETFS/GNU/Linux/30_stop_selinux.sh)
===================================================================
--- trunk/usr/share/rear/backup/NETFS/GNU/Linux/30_stop_selinux.onhold	                        (rev 0)
+++ trunk/usr/share/rear/backup/NETFS/GNU/Linux/30_stop_selinux.onhold	2011-07-15 08:31:55 UTC (rev 690)
@@ -0,0 +1,12 @@
+# Stop SELinux if present with tar backup
+[ -f /selinux/enforce ] || return
+case "$(basename ${BACKUP_PROG})" in
+	(tar|rsync)
+		cat /selinux/enforce > $TMP_DIR/selinux.mode
+		echo "0" > /selinux/enforce
+		Log "Temporarely stop SELinux enforce mode with BACKUP=${BACKUP} and BACKUP_PROG=${BACKUP_PROG} backup"
+	;;
+	(*) # do nothing
+		:
+	;;
+esac

Deleted: trunk/usr/share/rear/backup/NETFS/GNU/Linux/30_stop_selinux.sh
===================================================================
--- trunk/usr/share/rear/backup/NETFS/GNU/Linux/30_stop_selinux.sh	2011-07-15 07:54:02 UTC (rev 689)
+++ trunk/usr/share/rear/backup/NETFS/GNU/Linux/30_stop_selinux.sh	2011-07-15 08:31:55 UTC (rev 690)
@@ -1,12 +0,0 @@
-# Stop SELinux if present with tar backup
-[ -f /selinux/enforce ] || return
-case "$(basename ${BACKUP_PROG})" in
-	(tar|rsync)
-		cat /selinux/enforce > $TMP_DIR/selinux.mode
-		echo "0" > /selinux/enforce
-		Log "Temporarely stop SELinux enforce mode with BACKUP=${BACKUP} and BACKUP_PROG=${BACKUP_PROG} backup"
-	;;
-	(*) # do nothing
-		:
-	;;
-esac

Added: trunk/usr/share/rear/backup/NETFS/GNU/Linux/31_stop_selinux.sh
===================================================================
--- trunk/usr/share/rear/backup/NETFS/GNU/Linux/31_stop_selinux.sh	                        (rev 0)
+++ trunk/usr/share/rear/backup/NETFS/GNU/Linux/31_stop_selinux.sh	2011-07-15 08:31:55 UTC (rev 690)
@@ -0,0 +1 @@
+link ../../../RSYNC/GNU/Linux/31_stop_selinux.sh
\ No newline at end of file


Property changes on: trunk/usr/share/rear/backup/NETFS/GNU/Linux/31_stop_selinux.sh
___________________________________________________________________
Added: svn:special
   + *

Added: trunk/usr/share/rear/backup/NETFS/GNU/Linux/62_force_autorelabel.sh
===================================================================
--- trunk/usr/share/rear/backup/NETFS/GNU/Linux/62_force_autorelabel.sh	                        (rev 0)
+++ trunk/usr/share/rear/backup/NETFS/GNU/Linux/62_force_autorelabel.sh	2011-07-15 08:31:55 UTC (rev 690)
@@ -0,0 +1 @@
+link ../../../RSYNC/GNU/Linux/62_force_autorelabel.sh
\ No newline at end of file


Property changes on: trunk/usr/share/rear/backup/NETFS/GNU/Linux/62_force_autorelabel.sh
___________________________________________________________________
Added: svn:special
   + *

Modified: trunk/usr/share/rear/backup/NETFS/default/50_make_backup.sh
===================================================================
--- trunk/usr/share/rear/backup/NETFS/default/50_make_backup.sh	2011-07-15 07:54:02 UTC (rev 689)
+++ trunk/usr/share/rear/backup/NETFS/default/50_make_backup.sh	2011-07-15 08:31:55 UTC (rev 690)
@@ -15,9 +15,13 @@
 LogPrint "Creating $BACKUP_PROG archive '$backuparchive'"
 ProgressStart "Preparing archive operation"
 (
-case "$BACKUP_PROG" in
+case "$(basename ${BACKUP_PROG})" in
 	# tar compatible programs here
 	(tar)
+		Log $BACKUP_PROG --sparse --block-number --totals --verbose --no-wildcards-match-slash --one-file-system --ignore-failed-read \
+			$BACKUP_PROG_OPTIONS ${BACKUP_PROG_BLOCKS:+-b $BACKUP_PROG_BLOCKS} $BACKUP_PROG_COMPRESS_OPTIONS \
+			-X $TMP_DIR/backup-exclude.txt -C / -c -f "$backuparchive" \
+			$(cat $TMP_DIR/backup-include.txt) $LOGFILE
 		$BACKUP_PROG --sparse --block-number --totals --verbose --no-wildcards-match-slash --one-file-system --ignore-failed-read \
 			$BACKUP_PROG_OPTIONS ${BACKUP_PROG_BLOCKS:+-b $BACKUP_PROG_BLOCKS} $BACKUP_PROG_COMPRESS_OPTIONS \
 			-X $TMP_DIR/backup-exclude.txt -C / -c -f "$backuparchive" \
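Review bot: `${BACKUP_PROG}` is unquoted inside the command substitution on the new `case` line, so a configured path containing whitespace reaches `basename` as several arguments and the match most likely ends up in the unsupported-program branch. Write `case "$(basename "${BACKUP_PROG}")" in` here and on the identical line in the progress-display hunk further down. The added `Log` call also repeats the whole tar command line by hand, so the logged text and the executed command can drift apart. The tar invocation itself continues past the end of this hunk.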
@@ -26,12 +30,19 @@
 	(rsync)
 		# make sure that the target is a directory
 		mkdir -p $v "$backuparchive" >&2
-		$BACKUP_PROG --sparse --archive --hard-links --one-file-system --verbose --delete --numeric-ids \
+		Log $BACKUP_PROG "${RSYNC_OPTIONS[@]}" --one-file-system --delete \
 			--exclude-from=$TMP_DIR/backup-exclude.txt --delete-excluded \
 			$(cat $TMP_DIR/backup-include.txt) "$backuparchive"
+		$BACKUP_PROG "${RSYNC_OPTIONS[@]}" --one-file-system --delete \
+			--exclude-from=$TMP_DIR/backup-exclude.txt --delete-excluded \
+			$(cat $TMP_DIR/backup-include.txt) "$backuparchive"
 	;;
 	(*)
 		Log "Using unsupported backup program '$BACKUP_PROG'"
+		Log $BACKUP_PROG $BACKUP_PROG_COMPRESS_OPTIONS \
+			$BACKUP_PROG_OPTIONS_CREATE_ARCHIVE $TMP_DIR/backup-exclude.txt \
+			$BACKUP_PROG_OPTIONS $backuparchive \
+			$(cat $TMP_DIR/backup-include.txt) $LOGFILE > $backuparchive
 		$BACKUP_PROG $BACKUP_PROG_COMPRESS_OPTIONS \
 			$BACKUP_PROG_OPTIONS_CREATE_ARCHIVE $TMP_DIR/backup-exclude.txt \
 			$BACKUP_PROG_OPTIONS $backuparchive \
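Review bot: The `> $backuparchive` at the end of the added `Log` call in the `(*)` branch is a real redirection on `Log`, not text to be logged. It creates or truncates the archive with whatever `Log` writes to stdout, and the logged line never shows the redirect. If the intent is to record the command as run, quote that tail so it is passed as an argument: `$(cat $TMP_DIR/backup-include.txt) $LOGFILE "> $backuparchive"`. The real command that follows ends outside this hunk, so it is only presumed to carry the same redirect.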
@@ -52,7 +63,7 @@
 	echo $used
 }
 # while the backup runs in a sub-process, display some progress information to the user
-case "$BACKUP_PROG" in
+case "$(basename ${BACKUP_PROG})" in
 	(tar)
 		while sleep 1 ; kill -0 $BackupPID 2>&8; do
 			blocks="$(tail -1 ${TMP_DIR}/${BACKUP_PROG_ARCHIVE}.log | awk 'BEGIN { FS="[ :]" } /^block [0-9]+: / { print $2 }')"

Modified: trunk/usr/share/rear/backup/RSYNC/GNU/Linux/61_start_selinux.sh
===================================================================
--- trunk/usr/share/rear/backup/RSYNC/GNU/Linux/61_start_selinux.sh	2011-07-15 07:54:02 UTC (rev 689)
+++ trunk/usr/share/rear/backup/RSYNC/GNU/Linux/61_start_selinux.sh	2011-07-15 08:31:55 UTC (rev 690)
@@ -1,8 +1,7 @@
-# Start SELinux if it was stopped - check presence of /tmp/selinux.mode
+# Start SELinux if it was stopped - check presence of  $TMP_DIR/selinux.mode
 
-touch "${TMP_DIR}/selinux.autorelabel"
 [ -f $TMP_DIR/selinux.mode ] && {
-
+	touch "${TMP_DIR}/selinux.autorelabel"
 	cat $TMP_DIR/selinux.mode > /selinux/enforce
 	Log "Restored original SELinux mode"
 	case $RSYNC_PROTO in
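Review bot: The write that puts SELinux back into its saved mode, `cat $TMP_DIR/selinux.mode > /selinux/enforce`, is not checked, and the next line logs "Restored original SELinux mode" regardless. If that write fails, the host stays in whatever mode the backup left it in while the log claims otherwise. Guard it with `if ! cat "$TMP_DIR/selinux.mode" > /selinux/enforce; then LogPrint "Failed to restore SELinux enforce mode"; fi` and log success only on the other path. The `&& { … }` block continues past the end of this hunk.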

Added: trunk/usr/share/rear/backup/RSYNC/GNU/Linux/62_force_autorelabel.sh
===================================================================
--- trunk/usr/share/rear/backup/RSYNC/GNU/Linux/62_force_autorelabel.sh	                        (rev 0)
+++ trunk/usr/share/rear/backup/RSYNC/GNU/Linux/62_force_autorelabel.sh	2011-07-15 08:31:55 UTC (rev 690)
@@ -0,0 +1,42 @@
+[ -f $TMP_DIR/force.autorelabel ] && {
+
+	> "${TMP_DIR}/selinux.autorelabel"
+
+	case $RSYNC_PROTO in
+
+	(ssh)
+		# for some reason rsync changes the mode of backup after each run to 666
+		ssh $RSYNC_USER@$RSYNC_HOST "chmod $v 755 ${RSYNC_PATH}/${RSYNC_PREFIX}/backup" 2>&8
+		$BACKUP_PROG -a "${TMP_DIR}/selinux.autorelabel" \
+		 "$RSYNC_USER@$RSYNC_HOST:${RSYNC_PATH}/${RSYNC_PREFIX}/backup/.autorelabel" 2>&8
+		_rc=$?
+		if [ $_rc -ne 0 ]; then
+			LogPrint "Failed to create .autorelabel on ${RSYNC_PATH}/${RSYNC_PREFIX}/backup [${rsync_err_msg[$_rc]}]"
+			#StopIfError "Failed to create .autorelabel on ${RSYNC_PATH}/${RSYNC_PREFIX}/backup"
+		fi
+		;;
+
+	(rsync)
+		$BACKUP_PROG -a "${TMP_DIR}/selinux.autorelabel" \
+		 "${RSYNC_PROTO}://${RSYNC_USER}@${RSYNC_HOST}:${RSYNC_PORT}/${RSYNC_PATH}/${RSYNC_PREFIX}/backup/.autorelabel"
+		_rc=$?
+		if [ $_rc -ne 0 ]; then
+			LogPrint "Failed to create .autorelabel on ${RSYNC_PATH}/${RSYNC_PREFIX}/backup [${rsync_err_msg[$_rc]}]"
+			#StopIfError "Failed to create .autorelabel on ${RSYNC_PATH}/${RSYNC_PREFIX}/backup"
+		fi
+		;;
+
+	(*)
+		# probably using the BACKUP=NETFS workflow instead
+		if [ -d "${BUILD_DIR}/netfs/${NETFS_PREFIX}" ]; then
+			if [ ! -f "${BUILD_DIR}/netfs/${NETFS_PREFIX}/selinux.autorelabel" ]; then
+				> "${BUILD_DIR}/netfs/${NETFS_PREFIX}/selinux.autorelabel"
+				StopIfError "Failed to create selinux.autorelabel on ${BUILD_DIR}/netfs/${NETFS_PREFIX}"
+			fi
+		fi
+		;;
+
+	esac
+	Log "Trigger (forced) autorelabel (SELinux) file"
+}
+
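Review bot: The `chmod $v 755` in the `(ssh)` branch makes the remote backup directory listable and traversable by every account on the backup server, and that directory presumably holds a full copy of the system. Unless another account has to read it, a tighter mode is safer, e.g. `ssh $RSYNC_USER@$RSYNC_HOST "chmod $v 700 ${RSYNC_PATH}/${RSYNC_PREFIX}/backup" 2>&8`. The path is also spliced unquoted into the remote command string, so whitespace or shell metacharacters in `RSYNC_PATH` or `RSYNC_PREFIX` would be interpreted by the remote shell. A failed `.autorelabel` upload is only reported through `LogPrint` because the `StopIfError` lines are commented out; a comment saying this best-effort behaviour is intentional would help, since the restored system may then boot without a relabel.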

Modified: trunk/usr/share/rear/backup/RSYNC/default/50_make_rsync_backup.sh
===================================================================
--- trunk/usr/share/rear/backup/RSYNC/default/50_make_rsync_backup.sh	2011-07-15 07:54:02 UTC (rev 689)
+++ trunk/usr/share/rear/backup/RSYNC/default/50_make_rsync_backup.sh	2011-07-15 08:31:55 UTC (rev 690)
@@ -47,15 +47,15 @@
 
 sleep 3 # Give the backup software a good chance to start working
 
-function get_size () {
+get_size() {
 	echo $(stat --format '%s' "/$1" 2>/dev/null)
 }
 
-function check_remote_df () {
+check_remote_df() {
 	echo $(ssh ${RSYNC_USER}@${RSYNC_HOST} df -P ${RSYNC_PATH} 2>/dev/null | tail -1 | awk '{print $5}' | sed -e 's/%//')
 }
 
-function check_remote_du () {
+check_remote_du() {
 	x=$(ssh ${RSYNC_USER}@${RSYNC_HOST} du -sb ${RSYNC_PATH}/${RSYNC_PREFIX}/backup 2>/dev/null | awk '{print $1}')
 	[[ -z "${x}" ]] && x=0
 	echo $x

Modified: trunk/usr/share/rear/conf/default.conf
===================================================================
--- trunk/usr/share/rear/conf/default.conf	2011-07-15 07:54:02 UTC (rev 689)
+++ trunk/usr/share/rear/conf/default.conf	2011-07-15 08:31:55 UTC (rev 690)
@@ -211,6 +211,8 @@
 BACKUP_PROG_ARCHIVE="backup"
 BACKUP_PROG_EXCLUDE=( '/tmp/*' '/dev/shm/*' )
 BACKUP_PROG_INCLUDE=( )
+# Disable SELinux policy during backup with NETFS or RSYNC (default yes)
+BACKUP_SELINUX_DISABLE=1
 
 
 # program files (find them in the path). These progs are optional,
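Review bot: The new comment on `BACKUP_SELINUX_DISABLE` does not say how to turn the behaviour off, and the obvious guess of `BACKUP_SELINUX_DISABLE=0` still disables SELinux. The consumer added in prep/RSYNC/GNU/Linux/20_selinux_in_use.sh tests `[ -n "$BACKUP_SELINUX_DISABLE" ]`, which is true for any non-empty value. Document it here, e.g. `# Disable SELinux policy during backup with NETFS or RSYNC (default yes); set to empty to keep SELinux enforcing - any non-empty value, including 0, disables it`. Alternatively, make the prep script compare against the value: `if [ "$BACKUP_SELINUX_DISABLE" = "1" ]; then`.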
@@ -402,6 +404,7 @@
 # empty means only keep current backup
 NETFS_KEEP_OLD_BACKUP_COPY=
 
+
 ### BACKUP=RSYNC method
 # RSYNC backup method uses rsync (using ssh or rsync) to make a backup to a remote network server
 # prefix directory to create on the remote network filesystem

Added: trunk/usr/share/rear/prep/NETFS/GNU/Linux/20_selinux_in_use.sh
===================================================================
--- trunk/usr/share/rear/prep/NETFS/GNU/Linux/20_selinux_in_use.sh	                        (rev 0)
+++ trunk/usr/share/rear/prep/NETFS/GNU/Linux/20_selinux_in_use.sh	2011-07-15 08:31:55 UTC (rev 690)
@@ -0,0 +1 @@
+link ../../../RSYNC/GNU/Linux/20_selinux_in_use.sh
\ No newline at end of file


Property changes on: trunk/usr/share/rear/prep/NETFS/GNU/Linux/20_selinux_in_use.sh
___________________________________________________________________
Added: svn:special
   + *

Modified: trunk/usr/share/rear/prep/RSYNC/GNU/Linux/20_selinux_in_use.sh
===================================================================
--- trunk/usr/share/rear/prep/RSYNC/GNU/Linux/20_selinux_in_use.sh	2011-07-15 07:54:02 UTC (rev 689)
+++ trunk/usr/share/rear/prep/RSYNC/GNU/Linux/20_selinux_in_use.sh	2011-07-15 08:31:55 UTC (rev 690)
@@ -1,6 +1,15 @@
 # check if SELinux is in use, if not, just silently return
 [[ -f /selinux/enforce ]] || return
 
+# check global settings (see default.conf) - non-empty means disable SELinux during backup
+if [ -n "$BACKUP_SELINUX_DISABLE" ]; then
+        cat /selinux/enforce > $TMP_DIR/selinux.mode
+        RSYNC_SELINUX=
+        return
+fi
+
+#PROGS=( "${PROGS[@]}" setfiles chcon restorecon )
+
 # SELinux is found to be available on this system; depending on backup program we may need to do different things
 # So far, only rsync and tar has special options for selinux. Others, just disable SELinux during backup only!
 case $(basename $BACKUP_PROG) in
@@ -19,10 +28,19 @@
 			fi
 			RSYNC_SELINUX=1		# variable used in recover mode (means using xattr and not disable SELinux)
 		fi
+		touch $TMP_DIR/force.autorelabel	# after reboot the restored system do a forced SELinux relabeling
 		;;
 
 	(tar)
-		tar --usage | grep -q selinux && BACKUP_PROG_OPTIONS="--selinux" || cat /selinux/enforce > $TMP_DIR/selinux.mode
+		if tar --usage | grep -q selinux  ; then
+			# during backup we will NOT disable SELinux
+			BACKUP_PROG_OPTIONS="--selinux"
+			touch $TMP_DIR/force.autorelabel
+		else
+			# during backup we will disable SELinux
+			cat /selinux/enforce > $TMP_DIR/selinux.mode
+			# after reboot the restored system does a SELinux relabeling
+		fi
 		;;
 
 	(*)
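Review bot: The capability probe in the `(tar)` branch runs `tar --usage`, i.e. whichever `tar` is first in `PATH`, while the backup itself runs `$BACKUP_PROG`. Because the `case` matches on the basename, the two can be different binaries, and `--selinux` would then be decided from the wrong one; use `if $BACKUP_PROG --usage | grep -q selinux ; then`. The assignment `BACKUP_PROG_OPTIONS="--selinux"` also overwrites any options set in the configuration, where `BACKUP_PROG_OPTIONS="$BACKUP_PROG_OPTIONS --selinux"` would keep them. In the `else` branch the trailing comment about relabeling after reboot has no statement under it, so either add the intended action or drop the comment. The `case` block starts and ends outside this hunk.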

Modified: trunk/usr/share/rear/restore/NETFS/default/40_restore_backup.sh
===================================================================
--- trunk/usr/share/rear/restore/NETFS/default/40_restore_backup.sh	2011-07-15 07:54:02 UTC (rev 689)
+++ trunk/usr/share/rear/restore/NETFS/default/40_restore_backup.sh	2011-07-15 08:31:55 UTC (rev 690)
@@ -13,6 +13,8 @@
 		if [ -s $TMP_DIR/restore-exclude-list.txt ] ; then
 			BACKUP_PROG_OPTIONS="$BACKUP_PROG_OPTIONS --exclude-from=$TMP_DIR/restore-exclude-list.txt "
 		fi
+		Log $BACKUP_PROG --block-number --totals --verbose $BACKUP_PROG_OPTIONS $BACKUP_PROG_COMPRESS_OPTIONS \
+			-C /mnt/local/ -x -f "$backuparchive"
 		$BACKUP_PROG --block-number --totals --verbose $BACKUP_PROG_OPTIONS $BACKUP_PROG_COMPRESS_OPTIONS \
 			-C /mnt/local/ -x -f "$backuparchive"
 	;;
@@ -20,7 +22,8 @@
 		if [ -s $TMP_DIR/restore-exclude-list.txt ] ; then
 			BACKUP_PROG_OPTIONS="$BACKUP_PROG_OPTIONS --exclude-from=$TMP_DIR/restore-exclude-list.txt "
 		fi
-		$BACKUP_PROG --numeric-ids --sparse --archive --hard-links --verbose $BACKUP_PROG_OPTIONS \
+		Log $BACKUP_PROG "${RSYNC_OPTIONS[@]}" $BACKUP_PROG_OPTIONS "$backuparchive"/ /mnt/local/
+		$BACKUP_PROG "${RSYNC_OPTIONS[@]}" $BACKUP_PROG_OPTIONS \
 			"$backuparchive"/ /mnt/local/
 	;;
 	(*)
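Review bot: The rsync restore now takes all of its behaviour flags from `"${RSYNC_OPTIONS[@]}"`, and nothing in this commit's visible hunks, including the default.conf change, sets that array for the NETFS workflow. If it is empty at this point, rsync runs without `--archive`, `--hard-links` and `--numeric-ids`, and the restored tree silently loses ownership, modes and links. The same replacement is made in the `(rsync)` branch of backup/NETFS/default/50_make_backup.sh. It may be populated in the part of the prep script that lies outside the hunks, but with the default `BACKUP_SELINUX_DISABLE=1` that script returns early. Consider a guard before the call, e.g. `[ ${#RSYNC_OPTIONS[@]} -gt 0 ] || RSYNC_OPTIONS=( --sparse --archive --hard-links --numeric-ids --verbose )`.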

Modified: trunk/usr/share/rear/restore/RSYNC/default/40_restore_rsync_backup.sh
===================================================================
--- trunk/usr/share/rear/restore/RSYNC/default/40_restore_rsync_backup.sh	2011-07-15 07:54:02 UTC (rev 689)
+++ trunk/usr/share/rear/restore/RSYNC/default/40_restore_rsync_backup.sh	2011-07-15 08:31:55 UTC (rev 690)
@@ -1,6 +1,6 @@
 # Restore the remote backup via RSYNC
 
-function get_size () {
+get_size() {
 	echo $(stat --format '%s' "/mnt/local/$1")
 }
 
@@ -51,7 +51,7 @@
 	(rsync)
 		
 		while sleep 1 ; kill -0 $BackupPID 2>/dev/null ; do
-			fsize="$(get_size $(tail -2 "${TMP_DIR}/${BACKUP_PROG_ARCHIVE}-restore.log" | head -n 1))"
+			fsize=$(get_size "$(tail -2 "${TMP_DIR}/${BACKUP_PROG_ARCHIVE}-restore.log" | head -n 1)")
 			size=$((size+fsize))
 			echo "INFO Restored $((size/1024/1024)) MiB [avg $((size/1024/(SECONDS-starttime))) KiB/sec]" >&8
 		done

Modified: trunk/usr/share/rear/verify/NETFS/default/55_check_backup_archive.sh
===================================================================
--- trunk/usr/share/rear/verify/NETFS/default/55_check_backup_archive.sh	2011-07-15 07:54:02 UTC (rev 689)
+++ trunk/usr/share/rear/verify/NETFS/default/55_check_backup_archive.sh	2011-07-15 08:31:55 UTC (rev 690)
@@ -5,7 +5,7 @@
 	return
 fi
 
-[ -s "$backuparchive" ]
+[ -s "$backuparchive" -o -d "$backuparchive" ]
 StopIfError "Backup archive '$backuparchive' not found !"
 
 LogPrint "Calculating backup archive size"
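Review bot: The new test uses the `-o` operator inside a single `[ … ]`, which POSIX marks obsolescent and which is ambiguous once the expression has more than four arguments. Two tests joined by the shell are equivalent and still leave the status that `StopIfError` reads on the next line: `[ -s "$backuparchive" ] || [ -d "$backuparchive" ]`. Note that an existing but empty directory now counts as a found backup archive, so a short comment saying the `-d` case is for rsync-style directory backups would make that intent explicit.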

