Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
5.9.4. Archiving Files with tar
The
tar utility does not retain extended attributes by default. Since SELinux contexts are stored in extended attributes, contexts can be lost when archiving files. Use the tar --selinux command to create archives that retain contexts and to restore files from the archives. If a tar archive contains files without extended attributes, or if you want the extended attributes to match the system defaults, use the restorecon utility:
~]$ tar -xvf archive.tar | restorecon -f -
~]$ tar -xvf archive.tar | restorecon -f -
Note that depending on the directory, you may need to be the root user to run the
restorecon.
The following example demonstrates creating a
tar archive that retains SELinux contexts:
Procedure 5.10. Creating a tar Archive
- Change to the
/var/www/html/directory and view its SELinux context:Copy to Clipboard Copied! Toggle word wrap Toggle overflow ~]$ cd /var/www/html/
~]$ cd /var/www/html/Copy to Clipboard Copied! Toggle word wrap Toggle overflow html]$ ls -dZ /var/www/html/ drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
html]$ ls -dZ /var/www/html/ drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 . - As root, create three files (
file1,file2, andfile3) in/var/www/html/. These files inherit thehttpd_sys_content_ttype from/var/www/html/:Copy to Clipboard Copied! Toggle word wrap Toggle overflow html]# touch file{1,2,3}html]# touch file{1,2,3}Copy to Clipboard Copied! Toggle word wrap Toggle overflow html]$ ls -Z /var/www/html/ -rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file1 -rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file2 -rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file3
html]$ ls -Z /var/www/html/ -rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file1 -rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file2 -rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file3 - As root, run the following command to create a
tararchive namedtest.tar. Use the--selinuxto retain the SELinux context:Copy to Clipboard Copied! Toggle word wrap Toggle overflow html]# tar --selinux -cf test.tar file{1,2,3}html]# tar --selinux -cf test.tar file{1,2,3} - As root, create a new directory named
/test/, and then allow all users full access to it:Copy to Clipboard Copied! Toggle word wrap Toggle overflow ~]# mkdir /test
~]# mkdir /testCopy to Clipboard Copied! Toggle word wrap Toggle overflow ~]# chmod 777 /test/
~]# chmod 777 /test/ - Copy the
test.tarfile into/test/:Copy to Clipboard Copied! Toggle word wrap Toggle overflow ~]$ cp /var/www/html/test.tar /test/
~]$ cp /var/www/html/test.tar /test/ - Change into
/test/directory. Once in this directory, run the following command to extract thetararchive. Specify the--selinuxoption again otherwise the SELinux context will be changed todefault_t:Copy to Clipboard Copied! Toggle word wrap Toggle overflow ~]$ cd /test/
~]$ cd /test/Copy to Clipboard Copied! Toggle word wrap Toggle overflow test]$ tar --selinux -xvf test.tar
test]$ tar --selinux -xvf test.tar - View the SELinux contexts. The
httpd_sys_content_ttype has been retained, rather than being changed todefault_t, which would have happened had the--selinuxnot been used:Copy to Clipboard Copied! Toggle word wrap Toggle overflow test]$ ls -lZ /test/ -rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file1 -rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file2 -rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file3 -rw-r--r-- user1 group1 unconfined_u:object_r:default_t:s0 test.tar
test]$ ls -lZ /test/ -rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file1 -rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file2 -rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file3 -rw-r--r-- user1 group1 unconfined_u:object_r:default_t:s0 test.tar - If the
/test/directory is no longer required, as root, run the following command to remove it, as well as all files in it:Copy to Clipboard Copied! Toggle word wrap Toggle overflow ~]# rm -ri /test/
~]# rm -ri /test/
See the tar(1) manual page for further information about
tar, such as the --xattrs option that retains all extended attributes.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}