[redhat-lspp] turning on quota under the MLS strict policy

Thiago Jung Bauermann bauerman at br.ibm.com
Fri Oct 20 19:14:23 UTC 2006


So, does anyone have a tip about this?
-- 
[]'s
Thiago Jung Bauermann
Software Engineer
IBM Linux Technology Center

On Wed, 2006-10-18 at 23:40 -0300, Thiago Jung Bauermann wrote:
> Hi,
> 
> I am trying to play with filesystem quota under the MLS strict policy,
> but I can't get quotacheck to run (the following is as sysadm_r):
> 
> # mount -o loop,usrquota,grpquota,context=root:object_r:root_t:s0 foo /mnt
> # quotacheck -cug /mnt
> quotacheck: Can't statfs() /mnt: Permission denied
> quotacheck: Mountpoint (or device) /mnt not found.
> quotacheck: Can't find filesystem to check or filesystem not mounted with quota option.
> #
> 
> I get the following audit records:
> 
> type=SYSCALL msg=audit(1161225352.239:1569): arch=14 syscall=252 success=no exit=-13 a0=fe8ad6bc a1=58 a2=fe8ac660 a3=100c0bfc items=0 ppid=30858 pid=31062 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="quotacheck" exe="/sbin/quotacheck" subj=staff_u:sysadm_r:quota_t:s0-s15:c0.c255 key=(null)
> type=AVC msg=audit(1161225352.239:1569): avc:  denied  { getattr } for pid=31062 comm="quotacheck" name="/" dev=loop0 ino=2 scontext=staff_u:sysadm_r:quota_t:s0-s15:c0.c255 tcontext=root:object_r:root_t:s0 tclass=filesystem
> 
> Is there a specific type the filesystem must be mounted as to get the above to work?
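
Added example, not part of the original message: a small Python parser that pairs the AVC denial with its SYSCALL record by audit event ID and splits both contexts into user, role, type and MLS range, which makes the denied access (source type, target type, class, permission) explicit. The input is the two audit records from the message, one record per line; the function and variable names are illustrative assumptions.

```python
import re

# Constructed input: the two audit records from the message, one per line.
SAMPLE = (
    'type=SYSCALL msg=audit(1161225352.239:1569): arch=14 syscall=252 '
    'success=no exit=-13 a0=fe8ad6bc a1=58 a2=fe8ac660 a3=100c0bfc items=0 '
    'ppid=30858 pid=31062 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 '
    'sgid=0 fsgid=0 tty=pts0 comm="quotacheck" exe="/sbin/quotacheck" '
    'subj=staff_u:sysadm_r:quota_t:s0-s15:c0.c255 key=(null)\n'
    'type=AVC msg=audit(1161225352.239:1569): avc:  denied  { getattr } for '
    'pid=31062 comm="quotacheck" name="/" dev=loop0 ino=2 '
    'scontext=staff_u:sysadm_r:quota_t:s0-s15:c0.c255 '
    'tcontext=root:object_r:root_t:s0 tclass=filesystem\n'
)

RECORD_RE = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)$')
DENIED_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:range]; an MLS range may itself contain ':'."""
    user, role, setype, *mls = ctx.split(":", 3)
    return {"user": user, "role": role, "type": setype,
            "mls": mls[0] if mls else None}

def parse_denials(log_text):
    """Return one dict per AVC denial, joined to its SYSCALL record by event id."""
    syscalls, avcs = {}, []
    for line in log_text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # not an audit record (blank line, wrapped fragment, ...)
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        if rtype == "SYSCALL":
            syscalls[event_id] = fields
        elif rtype == "AVC" and (perm := DENIED_RE.search(body)):
            avcs.append((event_id, perm.group(1).split(), fields))
    denials = []
    for event_id, perms, f in avcs:
        sc = syscalls.get(event_id, {})  # SYSCALL record may be absent
        denials.append({
            "event": event_id, "perms": perms, "tclass": f.get("tclass"),
            "source": split_context(f["scontext"]),
            "target": split_context(f["tcontext"]),
            "exe": sc.get("exe"),
            "exit": int(sc["exit"]) if "exit" in sc else None,
        })
    return denials
```

For the records above, `parse_denials(SAMPLE)` reports a single denial: `quota_t` (range `s0-s15:c0.c255`) was refused `getattr` on a `filesystem` object labeled `root_t` (range `s0`), with the syscall returning -13.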




