[redhat-lspp] turning on quota under the MLS strict policy

Thiago Jung Bauermann bauerman at br.ibm.com
Thu Oct 19 02:40:54 UTC 2006


Hi,

I am trying to play with filesystem quota under the MLS strict policy,
but I can't get quotacheck to run (the following is as sysadm_r):

# mount -o loop,usrquota,grpquota,context=root:object_r:root_t:s0 foo /mnt
# quotacheck -cug /mnt
quotacheck: Can't statfs() /mnt: Permission denied
quotacheck: Mountpoint (or device) /mnt not found.
quotacheck: Can't find filesystem to check or filesystem not mounted with quota option.
#

I get the following audit records:

type=SYSCALL msg=audit(1161225352.239:1569): arch=14 syscall=252 success=no exit=-13 a0=fe8ad6bc a1=58 a2=fe8ac660 a3=100c0bfc items=0 ppid=30858 pid=31062 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="quotacheck" exe="/sbin/quotacheck" subj=staff_u:sysadm_r:quota_t:s0-s15:c0.c255 key=(null)
type=AVC msg=audit(1161225352.239:1569): avc:  denied  { getattr } for pid=31062 comm="quotacheck" name="/" dev=loop0 ino=2 scontext=staff_u:sysadm_r:quota_t:s0-s15:c0.c255 tcontext=root:object_r:root_t:s0 tclass=filesystem

Is there a specific type the filesystem must be mounted as to get the above to work?
-- 
[]'s
Thiago Jung Bauermann
Software Engineer
IBM Linux Technology Center
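
Added example (not part of the original message): a small Python parser that pairs the SYSCALL and AVC records above by audit event ID and splits the denial into source domain, target type, object class and MLS levels. The function names are hypothetical, and the sample input is the two records from the post with the e-mail line wraps rejoined.

```python
import re
from collections import defaultdict

# The two audit records from the post, one record per line.
SAMPLE = '''\
type=SYSCALL msg=audit(1161225352.239:1569): arch=14 syscall=252 success=no exit=-13 a0=fe8ad6bc a1=58 a2=fe8ac660 a3=100c0bfc items=0 ppid=30858 pid=31062 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="quotacheck" exe="/sbin/quotacheck" subj=staff_u:sysadm_r:quota_t:s0-s15:c0.c255 key=(null)
type=AVC msg=audit(1161225352.239:1569): avc:  denied  { getattr } for pid=31062 comm="quotacheck" name="/" dev=loop0 ino=2 scontext=staff_u:sysadm_r:quota_t:s0-s15:c0.c255 tcontext=root:object_r:root_t:s0 tclass=filesystem
'''

HEADER = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)$')
AVC = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    """Parse key=value pairs; quoted values lose their quotes."""
    return {k: v.strip('"') for k, v in FIELD.findall(text)}

def context(ctx):
    """Split user:role:type[:level]; the MLS level itself may contain ':'."""
    user, role, type_, *rest = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': type_,
            'level': rest[0] if rest else None}

def denials(log):
    """Group records by event ID (timestamp:serial) and decode each denial.
    Simplification: keeps one AVC record per event."""
    events = defaultdict(dict)
    for line in log.splitlines():
        m = HEADER.match(line.strip())
        if m:
            events[m.group(2)][m.group(1)] = m.group(3)
    out = []
    for event_id, recs in events.items():
        avc = AVC.search(recs.get('AVC', ''))
        if not avc:
            continue
        f, sc = fields(avc.group(2)), fields(recs.get('SYSCALL', ''))
        out.append({'event': event_id, 'perms': avc.group(1).split(),
                    'tclass': f['tclass'], 'dev': f.get('dev'),
                    'source': context(f['scontext']),
                    'target': context(f['tcontext']),
                    'exe': sc.get('exe'), 'exit': sc.get('exit')})
    return out

def summary(d):
    """One-line description of who was denied what on which object."""
    return '%s -> %s : %s { %s }' % (d['source']['type'], d['target']['type'],
                                     d['tclass'], ' '.join(d['perms']))
```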
