On Fri, 2006-10-20 at 16:34 -0300, Thiago Jung Bauermann wrote:
> On Fri, 2006-10-20 at 15:23 -0400, [EMAIL PROTECTED] wrote:
> > On Fri, 20 Oct 2006 16:14:23 -0300, Thiago Jung Bauermann said:
> > > So, does anyone have a tip about this?
> > Admittedly mostly shooting in the dark here..
>
> No problem!
>
> > > > scontext=staff_u:sysadm_r:quota_t:s0-s15:c0.c255
> > > > tcontext=root:object_r:root_t:s0 tclass=filesystem
> > What happens if you're running as sysadm_t or similar instead of root_t?
> > This looks like SELinux "working as designed" - it stopped a root process
> > that was in the wrong context from doing something it wasn't allowed to do.
>
> Actually, root_t is the type of the filesystem. I used it imagining the
> policy would allow quota to be turned on on /. I also tried mounting the
> filesystem as tmp_t, to no avail.
>
> The process's type is quota_t, which sounds like a reasonable type for
> the quotacheck utility.
>
> > Does 'newrole -r sysadm_r' improve things?
>
> Yup, that's what I'm using.

Seems like it is just a policy bug to me.

-- 
Stephen Smalley
National Security Agency
