SELinux Errors on restic restore test

I use restic to backup important files and I’m trying to test out a restore. I’m hitting SELinux related issues and I posted the following on the restic forum, but I though people here might be able to help since I doubt it’s related to restic. Note that I do not get any SE Linux errors reported to the SE Linux Troubleshooter when this happens.

Here is my post on the restic forum:

I use Fedora Linux which has SELinux for file security. I honestly know almost nothing about SELinux. I am testing restores and I am getting SELinux related errors on the restore causing them to fail. I suspect the errors are due to how I created the directories and mounted a drive as they only happen when I’m trying to restore a path that I backed up from a subdirectory on my /mnt/data drive.

Here is how that drive is mounted:

mount | grep data
/dev/sda1 on /mnt/data type btrfs (rw,noatime,seclabel,compress-force=zstd:3,space_cache=v2,subvolid=256,subvol=/data_sv)

This shows that the drive mounted at /mnt/data has no SELinux info defined (the ?), so I think that is the problem. I know I probably need to label this with a proper SELinux context, but I have no clue what it should be.

ls -ldZ /mnt/data
drwxrwxrwx 1 root data ? 124 Feb 16 07:20 /mnt/data

My backup scripts run as root.

Here is an example of the error I’m getting:

restic restore latest --include /mnt/data/backup/Kimberly/ -vv --target /mnt/data/tmp_restore_test
repository a82ee0c6 opened (version 2, compression level auto)
[0:00] 100.00%  17 / 17 index files loaded
restoring snapshot cbb3df49 of [/home/guykendall/Documents /mnt/data/Pictures /home/guykendall/CalibreLibrary /home/guykendall/Videos /mnt/data/CDs /mnt/data/KimsRips /usr/local/libexec/scripts /home/guykendall/userscripts /mnt/data/backup/Kimberly /home/guykendall/Downloads/PurchasedKindleBooks] at 2026-02-16 05:30:53.180208467 -0700 MST by root@overkill to /mnt/data/tmp_restore_test

<removed all the other file prints>

restored  /mnt/data/backup/Kimberly
restored  /mnt/data/backup
ignoring error for /mnt/data: xattr.LRemove /mnt/data/tmp_restore_test/mnt/data security.selinux: permission denied
restored  /mnt
Summary: Restored 1971 / 1969 files/dirs (5.153 GiB / 5.153 GiB) in 0:54
Fatal: There were 1 errors

Note that the source directory I backed up was on /mnt/data and I’m also restoring it to a temp directory on /mnt/data.

Can anyone help me understand what that error message means and suggest how I should fix it?

Thanks.

The restore appears to be fine - all the data came back. It fails reapplying the extended attributes to your file system though.

Does the restore still work cleanly with --no-xattrs appended to the restore command?

I tried --no-xattrs, but that option doesn’t appear to exist:

restic restore latest --include /mnt/data/backup/Kimberly/ -vv --target /mnt/data/tmp_restore_test --no-xattrs
unknown flag: --no-xattrs

So I looked at the documentation here:

which describes the --exclude-xattr and --include-xattr options.

I first tried --include and it didn’t fix it:

restic restore latest --include /mnt/data/backup/Kimberly/ -v --target /mnt/data/tmp_restore_test --include-xattr user.* --include-xattr security.*
repository a82ee0c6 opened (version 2, compression level auto)
[0:00] 100.00%  17 / 17 index files loaded
restoring snapshot cbb3df49 of [/home/guykendall/Documents /mnt/data/Pictures /home/guykendall/CalibreLibrary /home/guykendall/Videos /mnt/data/CDs /mnt/data/KimsRips /usr/local/libexec/scripts /home/guykendall/userscripts /mnt/data/backup/Kimberly /home/guykendall/Downloads/PurchasedKindleBooks] at 2026-02-16 05:30:53.180208467 -0700 MST by root@overkill to /mnt/data/tmp_restore_test
ignoring error for /mnt/data: xattr.LRemove /mnt/data/tmp_restore_test/mnt/data security.selinux: permission denied
Summary: Restored 1971 / 1969 files/dirs (5.153 GiB / 5.153 GiB) in 0:50
Fatal: There were 1 errors

Then I tried --exclude and that seems to prevent the error:

restic restore latest --include /mnt/data/backup/Kimberly/ -v --target /mnt/data/tmp_restore_test --exclude-xattr user.* --exclude-xattr security.*
repository a82ee0c6 opened (version 2, compression level auto)
[0:00] 100.00%  17 / 17 index files loaded
restoring snapshot cbb3df49 of [/home/guykendall/Documents /mnt/data/Pictures /home/guykendall/CalibreLibrary /home/guykendall/Videos /mnt/data/CDs /mnt/data/KimsRips /usr/local/libexec/scripts /home/guykendall/userscripts /mnt/data/backup/Kimberly /home/guykendall/Downloads/PurchasedKindleBooks] at 2026-02-16 05:30:53.180208467 -0700 MST by root@overkill to /mnt/data/tmp_restore_test
Summary: Restored 1972 / 1969 files/dirs (5.153 GiB / 5.153 GiB) in 0:51

So that’s good that I can make the error go away, but I’m wondering if that’s the proper fix or a workaround? I don’t really understand what those do either. Do I need to fix up the SELinux attributes on the source and create a a new snapshot?

Thanks.

Good catch - I was going from memory when I did the same kind of test restore and hit the same message.

(on phone so no easy access to man pages)