I’m looking at switching from OpenSuse Leap to Fedora Workstation on my main desktop system. I’ve been testing Fedora 40 for a while now, and the experience has been pretty smooth so far.
One area of concern I still have is SELinux. So, here are some of my questions:
I would like to import my home directory from my old OpenSuse installation, including e.g. my Firefox profile. Am I correct to assume, that all I need to do is rsync my home directory from the old disk to the new disk and then run restorecon on my home directory?
I access a lot of my user data via smb shares hosted on a Debian server and I use systemd automount units to mount these shares when needed. Will it be sufficient to add a mount option setting the SELinux context of those mounts to the same type as my home directory, so I can access them in desktop apps?
I don’t need the context stored on my Debian server (and I’m not even sure whether Samba supports that).
I run a daily backup of my home directory to my Debian server via rsync over ssh retaining permissions, extended attributes, etc. I would like to continue to do so. rsync runs unprivileged on both my desktop and my server. As far as I understand, running rsync unprivileged means you cannot retain the SELinux context. That would be fine, since I can run restorecon on my home directory again, if I ever needed to recover files from my backup like in 1). Correct?
That being said, I don’t need to access my backup often. In the last 5+ years I didn’t need it at all.
Yes, I believe so. Be mindful that a standard installation of Fedora Workstation will set up your /home as a btrfs subvolume.
That I am not sure about.
I believe you are correct. I ran rsync as a backup solution awhile ago, and was using Fedora, but I backed up not to a server, just external storage, so that would be different.
Thanks. Yes, I saw that during the installation that home is a btrfs subvolume. It seems that’s fine, though, since only new (empty) subvolumes will be unlabeled. Snapshots of existing data keep the labels.
And as for importing my old home dir and running restorecon. That worked fine as well. I was a bit surprised that restorecon would only change the labels of a few files, but I guess when rsync copies the files from the old home dir, most of them will get labeled automatically. They are at least, all labeled and everything I tried, like using my old Firefox profile, just works.
So, I just gave it a try and it seems to work. I added the option context= to my fstab entries and just copied over the the context of my home directory and I can access my data just fine in various apps, no SELinux violations triggered. Note: I only have data in these shares (documents, photos, music, etc.) not binaries. Maybe that would make a difference, but for my purpose, it seems to be pretty effortless.
So, after doing the “drill” once when importing my old data, I’m conifdent this will work again, if I ever have to restore my data.