After configuring labeled file systems and their users, you maintain the systems by monitoring audit logs and archiving the file systems. Periodically, you need to update the users who can access sensitive files. You can also store an export of the label policy.
Transfer files to a new labeled file system by running the tar command with the -T option.
In the following example, fromdir is the root of the existing file system and todir is the root of the new file system.
$ pfbash $ cd fromdir; tar -cTf - . | (cd todir; tar xTp -)
For more information, see the tar(1) man page.
Archive the file systems by using the zfs send and archiveadm commands.
$ pfexec zfs send -r labeled-filesystem
$ pfexec archiveadm labeled-filesystem
Export and store the commands that re-create your encodings file.
This file can be imported to create your encodings file on a test system, for example.
# labelcfg -f enc-file-commands
For example, to save the committed encodings file to an administrative directory:
# labelcfg -f /opt/adminfiles/site-enc-commands