Backup LVM file system with SELinux context

Backup is one of the most crucial operations for providing availability of the computer system. Although writing backup scripts is an easy task, there are few points with LVM and SELinux which are described below.

LVM is a logical volume manager for the Linux kernel. One of the key features of LVM is generating snapshots for logical volumes. This allows the administrator to create a new block device which presents an exact copy of a logical volume, frozen at some point in time. It is very useful for backups - we can make backups without stopping volumes. Snapshots can be created with 'lvcreate' command with '-s' option.

SELinux is an implementation of a flexible mandatory access control architecture in the Linux operating system. It uses file labelling with special security context. During a usual file archiving this context could be lost, so the administrator should use special archivers like 'star'.

So, the administrator should use following procedure for archiving LVM volumes with SELinux enabled:

  1. Create a snapshot of required volume.
  2. Mount this snapshot.
  3. Make star-archive of the snapshot to required location.
  4. Unmount the snapshot.
  5. Delete the snapshot.

A sample script is below:

#!/bin/sh

/sbin/lvcreate -L5G -s -n homesnapshot /dev/VolGroup00/home
mount /dev/VolGroup00/homesnapshot /mnt/homesnapshot
star -xattr -H=exustar -v -c -f /media/work/backups/home.star /mnt/homesnapshot/
umount /mnt/homesnapshot
/sbin/lvremove -f /dev/VolGroup00/homesnapshot

Have fun with backups!

Comments

Post a Comment

Popular posts from this blog

Web application framework comparison by memory consumption

Memory consumption is slightly specific to my area of software development now, but I did some research recently and maybe these results can be useful for others. Of course, I know that precious comparison is very difficult to carry out, but actually I needed only overall picture. And let me admit that results are pretty interesting and even frustrated (at least for me). As a basis I took so-starving project, and measured initial RSS (Resident Set Size) of the each process (local development webservers). Platform: x86_64 Linux (latest Ubuntu with all updates). As a reference, here is the RSS of the interpreters in interactive console mode: Interpreter Version RSS (kB) stackless python 2.6.4 3916 ruby (via irb) 1.8.7 4664 python 2.7.1 5624 php 5.3.5 6924 v8 (via node.js shell) 2.5.9.9 8796 One more reference - the most simplest WSGI app ( example  in the Python documentation). It's RSS: 7336 Kb , so I assume it's almost impossible to consume l
Read more

Trac Ticket Workflow

Trac is the wiki and issue tracking system that is the most used for my software development projects. Let me share few hints about its ticket workflow, especially about the statuses, the roles of the participants, and let me give an example of the workflow config. But if you are interested in other things like Trac plugins, source browser, customizing, etc, let me know. All the information given below regards the workflow described at the end of the article. The original Trac workflow is missed vital features like the support for ticket verifying, or the required ticket statuses range, so I do not use it in my projects. The description of the main statuses: new - the ticket has been created; in-progress - the developer has began to work with the ticket; fixed - the ticket is fixed (the problem issued in the ticket is solved); verified - the ticket is verified (tester or PM has verified that the ticket is fixed correctly); closed - the ticket is closed (it's not
Read more

Shellcode detection using libemu

Shellcode can be seen as a list of instructions that has been developed in a manner that allows it to be injected in an application during runtime. Each security researcher face the shellcodes during their work, and in this article I'll show how to detect shellcodes using Python (via libemu Python binding). Few words about libemu : libemu is a small library written in C offering basic x86 emulation and shellcode detection using GetPC heuristics. Intended use is within network intrusion/prevention detections and honeypots. The information on the site is not actual in some places, so I'll give direct and clear instruction how to get and install libemu. Clone the git repository: $ git clone git://git.carnivore.it/libemu.git Firstly, configure, make and install libemu itself (without binding): $ autoreconf -v -i $ ./configure --prefix=/opt/libemu $ make $ sudo make install If you set up prefix as shown above, you have to add the library path to /etc/ld.so.conf file
Read more