5.9.4. Archiving Files with tar

The tar utility does not retain extended attributes by default. Since SELinux contexts are stored in extended attributes, contexts can be lost when archiving files. Use the tar --selinux command to create archives that retain contexts and to restore files from the archives. If a tar archive contains files without extended attributes, or if you want the extended attributes to match the system defaults, use the restorecon utility:

~]$ tar -xvf archive.tar | restorecon -f -

Note that depending on the directory, you may need to be the root user to run the restorecon.

The following example demonstrates creating a tar archive that retains SELinux contexts:

Procedure 5.10. Creating a tar Archive

Change to the /var/www/html/ directory and view its SELinux context:

~]$ cd /var/www/html/

html]$ ls -dZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .

As root, create three files (file1, file2, and file3) in /var/www/html/. These files inherit the httpd_sys_content_t type from /var/www/html/:

html]# touch file{1,2,3}

html]$ ls -Z /var/www/html/
-rw-r--r--  root root unconfined_u:object_r:httpd_sys_content_t:s0 file1
-rw-r--r--  root root unconfined_u:object_r:httpd_sys_content_t:s0 file2
-rw-r--r--  root root unconfined_u:object_r:httpd_sys_content_t:s0 file3

As root, run the following command to create a tar archive named test.tar. Use the --selinux to retain the SELinux context:
```
html]# tar --selinux -cf test.tar file{1,2,3}
```
As root, create a new directory named /test/, and then allow all users full access to it:
```
~]# mkdir /test
```
```
~]# chmod 777 /test/
```
Copy the test.tar file into /test/:
```
~]$ cp /var/www/html/test.tar /test/
```
Change into /test/ directory. Once in this directory, run the following command to extract the tar archive. Specify the --selinux option again otherwise the SELinux context will be changed to default_t:
```
~]$ cd /test/
```
```
test]$ tar --selinux -xvf test.tar
```

View the SELinux contexts. The httpd_sys_content_t type has been retained, rather than being changed to default_t, which would have happened had the --selinux not been used:

test]$ ls -lZ /test/
-rw-r--r--  user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file1
-rw-r--r--  user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file2
-rw-r--r--  user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file3
-rw-r--r--  user1 group1 unconfined_u:object_r:default_t:s0 test.tar

If the /test/ directory is no longer required, as root, run the following command to remove it, as well as all files in it:
```
~]# rm -ri /test/
```

See the tar(1) manual page for further information about tar, such as the --xattrs option that retains all extended attributes.

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

5.9.4. Archiving Files with tar

Where did the comment section go?