On Tue, Mar 21, 2017 at 11:04 AM, Tom H <[log in to unmask]> wrote:
> On Tue, Mar 21, 2017 at 10:06 AM, Lars Behrens <[log in to unmask]> wrote:
>> Am 21.03.2017 um 14:05 schrieb Nico Kadel-Garcia:
>>>
>>> How did you "copy the system"? Tar, for example, does not carry
>>> along SELinux permissions. The "star" tool can.
>>
>> Yes, I forgot about the SELinux permissions, you're right.
>>
>> I did an 'rsync -xzav --numeric-ids'
>>
>> Where it seems that I should have added an '-X' when selinux comes into
>> play, as I have learned now.
>
> Thanks. I'd searched in the past for "selinux" in "man rsync" and not
> found anything so I assumed that it couldn't preserve selinux
> contexts. I'd also run "ldd /usr/bin/rsync" and not seen libselinux
> listed. I'll have to recheck.

On Fedora 25:

th@localhost ~ $ ldd /usr/bin/cp | egrep 'attr|selinux'
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f75e1f51000)
libattr.so.1 => /lib64/libattr.so.1 (0x00007f75e1b43000)

th@localhost ~ $ ldd /usr/bin/rsync | egrep 'attr|selinux'
libattr.so.1 => /lib64/libattr.so.1 (0x00007f30e1ea9000)

th@localhost ~ $ ldd /usr/bin/star | egrep 'attr|selinux'
libattr.so.1 => /lib64/libattr.so.1 (0x00007f5523fea000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f5523dc3000)

th@localhost ~ $ ldd /usr/bin/tar | egrep 'attr|selinux'
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fe38906e000)
libattr.so.1 => /lib64/libattr.so.1 (0x00007fe388aa3000)

So I assumed, wrongly, that rsync needs to be linked to libselinux for
it to be able to preserve selinux labels.