Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

SElinux chcon not updating ctime

It appears that whenever a file's SElinux security context is updated (with chcon), the file's ctime does NOT get updated (unlike when you update ACLs, permissions, etc). The problem is, that most backup software will look at the file's ctime and/or mtime when making incremental backups. So the question is, is there somewhere else I should be looking at to determine if a file's security context has been updated since the last backup? For the time being, I've decided to grab and store the current security context of each file, whenever I scan for modified files. But it would be nice to be able to use, for example "find -cnewer ..." and have it return these files too.

BTW, any answer is acceptable, even if it includes modifying my backup software.

SElinux chcon command not updating ctime

It appears that whenever a file's SElinux security context is updated (with chcon), the file's ctime does NOT get updated (unlike when you update ACLs, permissions, etc). The problem is, that most backup software will look at the file's ctime and/or mtime when making incremental backups. So the question is, is there somewhere else I should be looking at to determine if a file's security context has been updated since the last backup? For the time being, I've decided to grab and store the current security context of each file, whenever I scan for modified files. But it would be nice to be able to use, for example "find -cnewer ..." and have it return these files too.

BTW, any answer is acceptable, even if it includes modifying my backup software.