Product SiteDocumentation Site

4.10.5. Archiving Files with star

The star utility does not retain extended attributes by default. Since SELinux contexts are stored in extended attributes, contexts can be lost when archiving files. Use the star -xattr -H=exustar command to create archives that retain contexts. The star package is not installed by default. To install star, run the dnf install star command as the root user.
The following example demonstrates creating a star archive that retains SELinux contexts:
Procedure 4.18. Creating a star Archive
  1. As root, create three files (file1, file2, and file3) in the /var/www/html/. These files inherit the httpd_sys_content_t type from /var/www/html/:
    ~]# touch /var/www/html/file{1,2,3}
    ~]# ls -Z /var/www/html/
    -rw-r--r--  root root unconfined_u:object_r:httpd_sys_content_t:s0 file1
    -rw-r--r--  root root unconfined_u:object_r:httpd_sys_content_t:s0 file2
    -rw-r--r--  root root unconfined_u:object_r:httpd_sys_content_t:s0 file3
  2. Change into /var/www/html/ directory. Once in this directory, as root, run the following command to create a star archive named
    ~]$ cd /var/www/html
    html]# star -xattr -H=exustar -c file{1,2,3}
    star: 1 blocks + 0 bytes (total of 10240 bytes = 10.00k).
  3. As root, create a new directory named /test/, and then allow all users full access to it:
    ~]# mkdir /test
    ~]# chmod 777 /test/
  4. Run the following command to copy the file into /test/:
    ~]$ cp /var/www/html/ /test/
  5. Change into /test/. Once in this directory, run the following command to extract the star archive:
    ~]$ cd /test/
    test]$ star -x 
    star: 1 blocks + 0 bytes (total of 10240 bytes = 10.00k).
  6. View the SELinux contexts. The httpd_sys_content_t type has been retained, rather than being changed to default_t, which would have happened had the -xattr -H=exustar option not been used:
    ~]$ ls -lZ /test/
    -rw-r--r--  user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file1
    -rw-r--r--  user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file2
    -rw-r--r--  user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file3
    -rw-r--r--  user1 group1 unconfined_u:object_r:default_t:s0
  7. If the /test/ directory is no longer required, as root, run the following command to remove it, as well as all files in it:
    ~]# rm -ri /test/
  8. If star is no longer required, as root, remove the package:
    ~]# dnf remove star
See the star(1) manual page for further information about star.