Help with Linux SELinux Errors on Restore

Getting Help
1

I use Fedora Linux which has SELinux for file security. I honestly know almost nothing about SELinux. I am testing restores and I am getting SELinux related errors on the restore causing them to fail. I suspect the errors are due to how I created the directories and mounted a drive as they only happen when I’m trying to restore a path that I backed up from a subdirectory on my /mnt/data drive.

Here is how that drive is mounted:

mount | grep data
/dev/sda1 on /mnt/data type btrfs (rw,noatime,seclabel,compress-force=zstd:3,space_cache=v2,subvolid=256,subvol=/data_sv)

This shows that the drive mounted at /mnt/data has no SELinux info defined (the ?), so I think that is the problem. I know I probably need to label this with a proper SELinux context, but I have no clue what it should be.

ls -ldZ /mnt/data
drwxrwxrwx 1 root data ? 124 Feb 16 07:20 /mnt/data

My backup scripts run as root.

Here is an example of the error I’m getting:

restic restore latest --include /mnt/data/backup/Kimberly/ -vv --target /mnt/data/tmp_restore_test
repository a82ee0c6 opened (version 2, compression level auto)
[0:00] 100.00%  17 / 17 index files loaded
restoring snapshot cbb3df49 of [/home/guykendall/Documents /mnt/data/Pictures /home/guykendall/CalibreLibrary /home/guykendall/Videos /mnt/data/CDs /mnt/data/KimsRips /usr/local/libexec/scripts /home/guykendall/userscripts /mnt/data/backup/Kimberly /home/guykendall/Downloads/PurchasedKindleBooks] at 2026-02-16 05:30:53.180208467 -0700 MST by root@overkill to /mnt/data/tmp_restore_test

<removed all the other file prints>

restored  /mnt/data/backup/Kimberly
restored  /mnt/data/backup
ignoring error for /mnt/data: xattr.LRemove /mnt/data/tmp_restore_test/mnt/data security.selinux: permission denied
restored  /mnt
Summary: Restored 1971 / 1969 files/dirs (5.153 GiB / 5.153 GiB) in 0:54
Fatal: There were 1 errors

Note that the source directory I backed up was on /mnt/data and I’m also restoring it to a temp directory on /mnt/data.

Can anyone help me understand what that error message means and suggest how I should fix it?

Thanks.

2

I tried --exclude-xattr and that seems to prevent the error:

restic restore latest --include /mnt/data/backup/Kimberly/ -v --target /mnt/data/tmp_restore_test --exclude-xattr user.* --exclude-xattr security.*
repository a82ee0c6 opened (version 2, compression level auto)
[0:00] 100.00%  17 / 17 index files loaded
restoring snapshot cbb3df49 of [/home/guykendall/Documents /mnt/data/Pictures /home/guykendall/CalibreLibrary /home/guykendall/Videos /mnt/data/CDs /mnt/data/KimsRips /usr/local/libexec/scripts /home/guykendall/userscripts /mnt/data/backup/Kimberly /home/guykendall/Downloads/PurchasedKindleBooks] at 2026-02-16 05:30:53.180208467 -0700 MST by root@overkill to /mnt/data/tmp_restore_test
Summary: Restored 1972 / 1969 files/dirs (5.153 GiB / 5.153 GiB) in 0:51

So that’s good that I can make the error go away, but I’m wondering if that’s the proper fix or a workaround? I don’t really understand what those do either. Do I need to fix up the SELinux attributes on the source and create a a new snapshot?

3

Hi!

I used it years ago, I would check the logs (journalctl and dmesg), there’s usually a help text with proper audit2allow command that will generate the policy automatically.

Did you try their documentation?

4

I have the SELinux Troubleshooter installed and when this happens it is not creating new alerts so it doesn’t tell me what it recommends doing about it. It seems like SELinux isn’t throwing the error, but restic is.

I also tried setting “sudo setenforce 0” but that didn’t make the error go away.

5

The error message above says that restic tries to remove some SELinux label and isn’t allowed to do. If someone can provide insights on when or whether that label can be modified at all, then we could discuss letting restic silently ignore it.