Hi. On Mon, Sep 25, 2017 at 09:05:25PM +0200, solitone wrote: > On 24/09/17 11:51, Reco wrote: > > ACLs are easy. Even tar(1) knows them. > > It's things like these that give you headache: > > > > $ /sbin/getcap /bin/ping > > /bin/ping = cap_net_raw+ep > > > > # lsattr /etc/resolv.conf > > ----i---------e---- /etc/resolv.conf > > > > # getfattr -d /var/log/messages > > # file: var/log/messages > > user.name="main system log" > > > > # ls -alZ .bashrc > > -rw-r--r--. root root system_u:object_r:admin_home_t:s0 .bashrc > > > > If you have any of these in your source system, but don't have in target > > one - your backup is invalid, consider changing tool you're using. > > Note that these are just the examples, there can be other files like > > this. > > Is there anything like this in the standard debian configuration? I haven't > set any.
setcap should be there: $ grep -c setcap /var/lib/dpkg/info/*postinst | grep -v 0$ /var/lib/dpkg/info/iputils-ping.postinst:3 /var/lib/dpkg/info/iputils-tracepath.postinst:2 /var/lib/dpkg/info/wireshark-common.postinst:2 SELinux labels will be there if you have it installed, but SELinux has optional priority. 'chattr +i /etc/resolv.conf' is a popular measure at this list. setfattr is exotic. Reco
