Selinux quota bug?
FedoraForum.org - Fedora Support Forums and Community
  1. #1

    Selinux quota bug?

    I have an issue with quotas and selinux.

    There is a service quotaon.service which should run at boot.
    However it kept failing time and again. I finally figured out that this was due to selinux.

    I tried relabeling at boot, fixfiles relabel, etc. Nothing helped.
    As far as I can see in the logs, the aquota.* files remain unlabeled. Is this a bug or is there any way I can tell selinux what label to use?
    The only way I got this to work now is to set selinux to permissive but that is not what I want.

    Any help would be greatly appreciated, I already spent days trying to figure out quotas due to the lack of proper manuals. But for this last issue I cannot find a solution.

    Sep 09 11:48:47 avalon systemd[1]: quotaon.service: Main process exited, code=exited, status=4/NOPERMISSION
    Sep 09 11:48:47 avalon systemd[1]: quotaon.service: Failed with result 'exit-code'.
    Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.group" dev="sdc1" ino=12 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
    Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.user" dev="sdc1" ino=14 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
    Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.group" dev="sdb1" ino=12 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
    Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.user" dev="sdb1" ino=16 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
    Sep 09 11:50:56 avalon systemd[1]: quotaon.service: Main process exited, code=exited, status=4/NOPERMISSION
    Sep 09 11:50:56 avalon systemd[1]: quotaon.service: Failed with result 'exit-code'.

  2. #2

    Re: Selinux quota bug?

    I finally found the answer. You have to set and update the selinux contexts:

    semanage fcontext -a -t quota_db_t /mnt/sdb/aquota.user
    restorecon /mnt/sdb/aquota.user
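
Added example, not part of either post: a dry-run script that reads the AVC denials quoted in the first post and prints the `semanage fcontext` / `restorecon` pair from the reply for every denied quota file, not just `aquota.user` on one disk. The device-to-mount-point mapping is an assumption (`/mnt/sdb` is the path used in the reply, `/mnt/sdc` is hypothetical), and the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): dry run that turns quotaon AVC denials
# on unlabeled quota files into labeling commands. It only prints commands.

# Log lines copied from the first post, plus one non-AVC line that is skipped.
SAMPLE_LOG='Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.group" dev="sdc1" ino=12 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.user" dev="sdc1" ino=14 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.group" dev="sdb1" ino=12 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.user" dev="sdb1" ino=16 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Sep 09 11:50:56 avalon systemd[1]: quotaon.service: Main process exited, code=exited, status=4/NOPERMISSION'

# Print "dev name" once per file that was denied { quotaon } while unlabeled_t.
unlabeled_quota_files() {
    sed -nE '/denied +\{ quotaon \}.*:unlabeled_t:/ s/.* name="([^"]+)" dev="([^"]+)".*/\2 \1/p' | sort -u
}

# ASSUMPTION: device-to-mount-point mapping. /mnt/sdb is the path used in the
# reply; /mnt/sdc is hypothetical. Live lookup: findmnt -n -o TARGET -S /dev/sdb1
mount_point_for() {
    case "$1" in
        sdb1) echo /mnt/sdb ;;
        sdc1) echo /mnt/sdc ;;
        *) return 1 ;;
    esac
}

# Read log lines on stdin, print one semanage/restorecon pair per quota file.
fix_commands() {
    unlabeled_quota_files | while read -r dev name; do
        # Only the quota database files should ever receive quota_db_t.
        case "$name" in
            aquota.user|aquota.group) ;;
            *) echo "# skipping unexpected file name: $name"; continue ;;
        esac
        if ! mnt=$(mount_point_for "$dev"); then
            echo "# no mount point known for $dev, skipping $name"
            continue
        fi
        echo "semanage fcontext -a -t quota_db_t $mnt/$name"
        echo "restorecon -v $mnt/$name"
    done
}

printf '%s\n' "$SAMPLE_LOG" | fix_commands
```

Review the printed commands before running them as root; `ls -Z` on each file afterwards should show `quota_db_t` instead of `unlabeled_t`.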
