quota files oddity...

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Jan 20 16:55:23 UTC 2005


Running FC from the devel tree as of last night, and a 2.6.10-mm1-RT kernel.

OK.. So I go and put user and group quotas on all the R/W file systems (it's
a lot quicker to run 'repquota /full.fs' than to run 'du' and similar when you're
sitting at 99%.. ;)

Then quite some time later I run setfiles because I was pretty sure that I
had a lot of files that hadn't been installed by rpm and thus didn't have
the right contexts on them, and I get:

/usr/sbin/setfiles:  relabeling /aquota.user from system_u:object_r:quota_db_t to system_u:object_r:default_t
/aquota.user: Operation not permitted
/usr/sbin/setfiles:  unable to relabel /aquota.user to system_u:object_r:default_t
/usr/sbin/setfiles:  relabeling /aquota.group from system_u:object_r:quota_db_t to system_u:object_r:default_t
/aquota.group: Operation not permitted
/usr/sbin/setfiles:  unable to relabel /aquota.group to system_u:object_r:default_t

/usr/sbin/setfiles:  relabeling /boot/aquota.user from system_u:object_r:quota_db_t to system_u:object_r:boot_t
/boot/aquota.user: Operation not permitted
/usr/sbin/setfiles:  unable to relabel /boot/aquota.user to system_u:object_r:boot_t
/usr/sbin/setfiles:  relabeling /boot/aquota.group from system_u:object_r:quota_db_t to system_u:object_r:boot_t
/boot/aquota.group: Operation not permitted
/usr/sbin/setfiles:  unable to relabel /boot/aquota.group to system_u:object_r:boot_t

/usr/sbin/setfiles:  relabeling /usr/aquota.user from root:object_r:quota_db_t to system_u:object_r:usr_t
/usr/aquota.user: Operation not permitted
/usr/sbin/setfiles:  unable to relabel /usr/aquota.user to system_u:object_r:usr_t
/usr/sbin/setfiles:  relabeling /usr/aquota.group from system_u:object_r:quota_db_t to system_u:object_r:usr_t
/usr/aquota.group: Operation not permitted
/usr/sbin/setfiles:  unable to relabel /usr/aquota.group to system_u:object_r:usr_t

Is there any way to express:

$MOUNTPOINT/aquota\.(user|group)$ -- system_u:object_r:quota_db_t

in the .fc files, or do we need to settle for '/.*/aquota\.(user|group)' as
the regexp?

(And no, I have no idea how I ended up with 'root:object_r:quota_db_t' on
/usr/aquota.user, but the other ones were system_u....)
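
An added example (not part of the original post, and not code from the policy tools): a Python comparison of the two options in the question, generating one explicit entry per quota-enabled mount point versus using the broad regexp. The mount table and the /home/alice path are constructed, the helper names are hypothetical, and it assumes a file_contexts regexp has to match the whole path.

```python
import re

QUOTA_CONTEXT = "system_u:object_r:quota_db_t"  # context quoted in the post
BROAD_PATTERN = r"/.*/aquota\.(user|group)"     # fallback regexp from the post

# Constructed mount-table sample (devices and options are made up).
SAMPLE_MOUNTS = """\
/dev/hda2 / ext3 rw,usrquota,grpquota 0 0
/dev/hda1 /boot ext3 rw,usrquota,grpquota 0 0
/dev/hda5 /usr ext3 rw,usrquota,grpquota 0 0
/dev/hda6 /mnt/cd iso9660 ro 0 0
proc /proc proc rw 0 0
"""

def quota_mountpoints(mounts_text):
    """Return mount points whose options enable user or group quotas."""
    points = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and {"usrquota", "grpquota"} & set(fields[3].split(",")):
            points.append(fields[1])
    return points

def fc_entries(mountpoints):
    """Build one explicit file_contexts line per quota-enabled mount point."""
    entries = []
    for mp in mountpoints:
        prefix = "" if mp == "/" else re.escape(mp.rstrip("/"))
        entries.append(f"{prefix}/aquota\\.(user|group)\t--\t{QUOTA_CONTEXT}")
    return entries

def matches(pattern, path):
    """Assumption: a file_contexts regexp must match the whole path."""
    return re.fullmatch(pattern, path) is not None

def labelled_as_quota(entries, path):
    """True if any generated entry's regexp covers the path."""
    return any(matches(e.split("\t")[0], path) for e in entries)

if __name__ == "__main__":
    entries = fc_entries(quota_mountpoints(SAMPLE_MOUNTS))
    print("\n".join(entries))
    # /home/alice/aquota.user is a constructed non-mount-point path.
    for path in ("/aquota.user", "/usr/aquota.group", "/home/alice/aquota.user"):
        print(path, "broad:", matches(BROAD_PATTERN, path),
              "explicit:", labelled_as_quota(entries, path))
```

Under that whole-path assumption the broad regexp does not cover /aquota.user on the root file system, and it does cover any file of that name deeper in a tree, which the per-mount-point entries avoid.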

