Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

5.9.4. Archiving Files with tar

The tar utility does not retain extended attributes by default. Since SELinux contexts are stored in extended attributes, contexts can be lost when archiving files. Use the tar --selinux command to create archives that retain contexts and to restore files from the archives. If a tar archive contains files without extended attributes, or if you want the extended attributes to match the system defaults, use the restorecon utility: 
~]$ tar -xvf archive.tar | restorecon -f -
Copy to Clipboard Toggle word wrap
Note that depending on the directory, you may need to be the root user to run the restorecon.
The following example demonstrates creating a tar archive that retains SELinux contexts:

Procedure 5.10. Creating a tar Archive

  1. Change to the /var/www/html/ directory and view its SELinux context: 
    ~]$ cd /var/www/html/
    Copy to Clipboard Toggle word wrap 
    html]$ ls -dZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
    Copy to Clipboard Toggle word wrap
  2. As root, create three files (file1, file2, and file3) in /var/www/html/. These files inherit the httpd_sys_content_t type from /var/www/html/: 
    html]# touch file{1,2,3}
    Copy to Clipboard Toggle word wrap 
    html]$ ls -Z /var/www/html/
-rw-r--r--  root root unconfined_u:object_r:httpd_sys_content_t:s0 file1
-rw-r--r--  root root unconfined_u:object_r:httpd_sys_content_t:s0 file2
-rw-r--r--  root root unconfined_u:object_r:httpd_sys_content_t:s0 file3
    Copy to Clipboard Toggle word wrap
  3. As root, run the following command to create a tar archive named test.tar. Use the --selinux to retain the SELinux context: 
    html]# tar --selinux -cf test.tar file{1,2,3}
    Copy to Clipboard Toggle word wrap
  4. As root, create a new directory named /test/, and then allow all users full access to it: 
    ~]# mkdir /test
    Copy to Clipboard Toggle word wrap 
    ~]# chmod 777 /test/
    Copy to Clipboard Toggle word wrap
  5. Copy the test.tar file into /test/: 
    ~]$ cp /var/www/html/test.tar /test/
    Copy to Clipboard Toggle word wrap
  6. Change into /test/ directory. Once in this directory, run the following command to extract the tar archive. Specify the --selinux option again otherwise the SELinux context will be changed to default_t: 
    ~]$ cd /test/
    Copy to Clipboard Toggle word wrap 
    test]$ tar --selinux -xvf test.tar
    Copy to Clipboard Toggle word wrap
  7. View the SELinux contexts. The httpd_sys_content_t type has been retained, rather than being changed to default_t, which would have happened had the --selinux not been used: 
    test]$ ls -lZ /test/
-rw-r--r--  user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file1
-rw-r--r--  user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file2
-rw-r--r--  user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file3
-rw-r--r--  user1 group1 unconfined_u:object_r:default_t:s0 test.tar
    Copy to Clipboard Toggle word wrap
  8. If the /test/ directory is no longer required, as root, run the following command to remove it, as well as all files in it: 
    ~]# rm -ri /test/
    Copy to Clipboard Toggle word wrap
See the tar(1) manual page for further information about tar, such as the --xattrs option that retains all extended attributes.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat