Board: FB_security
Subject: RE: libarchive and MAC labels
Origin: NCTU CS FreeBSD Server (Thu Jun 13 01:40:22 2013)
Relay: ptt!csnews.cs.nctu!news.cs.nctu!.cs.nctucs.nctu!!freebsdfreebsd.org!ow
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of
> [email protected]
> Sent: Tuesday, 11 June 2013 1:10 AM
> To: [email protected]
> Subject: libarchive and MAC labels
>
> I've created a patch for libarchive that allows storing and
> restoring MAC labels from/to a multilabel filesystem using
> bsdtar. Now before going anywhere with this I had a few questions:
>
> - how much general interest is there in such a feature? Would
> this be a welcome addition to libarchive, either "upstream"
> or as integrated in the system source tree. I would be
> especially interested in the opinion of people who have
> already been involved with the MAC development.
>
> - right now the labels are stored silently, similar to ACL-s
> and extended attributes. They are not extracted by default,
> only when the '-p' option is specified (default as root).
> This seems consistent, however it would also be possible to
> add a switch so that the labels wouldn't be archived unless
> explicitly requested.
>
> - the labels are stored in text representation, as converted
> by mac_to_text(). This could potentially cause some future
> breakage, if the text representation ever changes. Also,
> restoring a label partially (let's say a biba+MLS label with
> only biba enabled) does not work. Any thoughts on that?
>
> Thanks,
> Priit.
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "[email protected]"
Priit,
Thank you for addressing a significant backup/recovery shortcoming.
I've used biba extensively; however, if files/directories are backed up with MLS+biba and recovered in a biba-only environment, that is the sysadmin's choice. Warning messages are fine, but the restoration should continue (if possible).
Regards, Dewayne.
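The partial-restore case raised in this thread (an archived biba+MLS label restored where only biba is enabled, continuing with a warning), as an added example that is not part of Priit's patch or of libarchive. It assumes the text label is a comma-separated list of `policy/qualifier` elements as described in maclabel(7); `filter_mac_label` is a hypothetical name, and the caller supplies the list of enabled policies.

```c
#include <stdio.h>
#include <string.h>

/* Append src[0..len) to the comma-separated list in dst; -1 if it does not fit. */
static int append_elem(char *dst, size_t dstsz, const char *src, size_t len)
{
    size_t used = strlen(dst), sep = used ? 1 : 0;
    if (used + sep + len + 1 > dstsz)
        return -1;
    if (sep)
        dst[used++] = ',';
    memcpy(dst + used, src, len);
    dst[used + len] = '\0';
    return 0;
}

/* Hypothetical helper, not libarchive API. Copies to `kept` the elements of a
 * text label ("biba/high,mls/low") whose policy is in `enabled`; names of the
 * other policies go to `dropped` with a warning. Returns the number dropped,
 * or -1 on a malformed element or a full buffer. */
int filter_mac_label(const char *label, const char *const *enabled, size_t n_enabled,
                     char *kept, size_t keptsz, char *dropped, size_t dropsz)
{
    int ndropped = 0;
    if (keptsz == 0 || dropsz == 0)
        return -1;
    kept[0] = dropped[0] = '\0';
    while (*label != '\0') {
        size_t elen = strcspn(label, ","), nlen, i;
        const char *slash = memchr(label, '/', elen);
        if (slash == NULL || slash == label)
            return -1;                  /* element has no policy name */
        nlen = (size_t)(slash - label);
        for (i = 0; i < n_enabled; i++)
            if (strlen(enabled[i]) == nlen && memcmp(enabled[i], label, nlen) == 0)
                break;
        if (i < n_enabled) {            /* policy is enabled: keep the element */
            if (append_elem(kept, keptsz, label, elen) != 0)
                return -1;
        } else {                        /* not enabled: warn and carry on */
            if (append_elem(dropped, dropsz, label, nlen) != 0)
                return -1;
            fprintf(stderr, "warning: MAC policy '%.*s' not enabled, skipped\n", (int)nlen, label);
            ndropped++;
        }
        label += elen + (label[elen] == ',');
    }
    return ndropped;
}
```

On FreeBSD the string left in `kept` is what would then be passed to mac_from_text(3); an empty `kept` means no part of the archived label can be applied.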