tartar utility does not retain extended attributes by default. Since SELinux contexts are stored in extended attributes, contexts can be lost when archiving files. Use the tar --selinux command to create archives that retain contexts. If a tar archive contains files without extended attributes, or if you want the extended attributes to match the system defaults, use the restorecon utility:
~]$tar -xvf archive.tar | restorecon -f -
restorecon.
tar archive that retains SELinux contexts:
Procedure 10.22. Creating a tar Archive
file1, file2, and file3) in the /var/www/html/ directory. These files inherit the httpd_sys_content_t type from /var/www/html/:
~]#touch /var/www/html/file{1,2,3}
~]#ls -Z /var/www/html/-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file1 -rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file2 -rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file3
/var/www/html/. Once in this directory, as root, run the following command to create a tar archive named test.tar:
~]$cd /var/www/html/
html]#tar --selinux -cf test.tar file{1,2,3}
/test/, and then allow all users full access to it:
~]#mkdir /test
~]#chmod 777 /test/
test.tar file into /test/:
~]$cp /var/www/html/test.tar /test/
/test/ directory. Once in this directory, run the following command to extract the tar archive:
test]$tar -xvf test.tar
httpd_sys_content_t type has been retained, rather than being changed to default_t, which would have happened had the --selinux not been used:
~]$ls -lZ /test/-rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file1 -rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file2 -rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file3 -rw-r--r-- user1 group1 unconfined_u:object_r:default_t:s0 test.tar
/test/ directory is no longer required, as root, run the following command to remove it, as well as all files in it:
~]#rm -ri /test/
tar, such as the --xattrs option that retains all extended attributes.