-
9th September 2018, 11:16 AM
#1
Selinux quota bug?
I have an issue with quotas and selinux.
There is a service quotaon.service which should run at boot.
However it kept failing time and again. I finally figured out that this was due to selinux.
I tried relabeling at boot, fixfiles relabel, etc. Nothing helped.
As far as I can see in the logs, the aquota.* files remain unlabeled. Is this a bug or is there any way I can tell selinux what label to use?
The only way I got this to work now is to set selinux to permissive, but that is not what I want.
Any help would be greatly appreciated, I already spent days trying to figure out quotas due to the lack of proper manuals. But for this last issue I cannot find a solution.
Sep 09 11:48:47 avalon systemd[1]: quotaon.service: Main process exited, code=exited, status=4/NOPERMISSION
Sep 09 11:48:47 avalon systemd[1]: quotaon.service: Failed with result 'exit-code'.
Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.group" dev="sdc1" ino=12 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.user" dev="sdc1" ino=14 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.group" dev="sdb1" ino=12 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.user" dev="sdb1" ino=16 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Sep 09 11:50:56 avalon systemd[1]: quotaon.service: Main process exited, code=exited, status=4/NOPERMISSION
Sep 09 11:50:56 avalon systemd[1]: quotaon.service: Failed with result 'exit-code'.
-
11th September 2018, 08:55 AM
#2
Re: Selinux quota bug?
I finally found the answer. You have to set and update the selinux contexts:
semanage fcontext -a -t quota_db_t /mnt/sdb/aquota.user
restorecon /mnt/sdb/aquota.user
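The fix above covers one file, while the denials in the first post name four (aquota.user and aquota.group on two devices). The following is an added example, not part of either post: it reads AVC lines, picks out the quotaon denials against unlabeled_t targets, and prints the same two commands for each file. The dev=mountpoint arguments are assumptions supplied by the admin, since the audit record carries only the device name; /mnt/sdc is a constructed placeholder.

```shell
#!/bin/sh
# Constructed sample: two AVC denials and one systemd line from the first post.
sample_log() {
cat <<'EOF'
Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.group" dev="sdc1" ino=12 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Sep 09 11:50:56 avalon audit[2587]: AVC avc: denied { quotaon } for pid=2587 comm="quotaon" name="aquota.user" dev="sdb1" ino=16 scontext=system_u:system_r:quota_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Sep 09 11:50:56 avalon systemd[1]: quotaon.service: Failed with result 'exit-code'.
EOF
}

# Print "dev name" for every quotaon denial whose target type is unlabeled_t.
unlabeled_quota_files() {
  awk '/avc: +denied/ && /[{] quotaon [}]/ && /tcontext=[^ ]*:unlabeled_t:/ {
    dev = ""; name = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^dev=/)  { dev = $i;  gsub(/^dev=|"/, "", dev) }
      if ($i ~ /^name=/) { name = $i; gsub(/^name=|"/, "", name) }
    }
    if (dev != "" && name != "") print dev, name
  }' | sort -u
}

# Print (do not run) the relabel commands from the answer for each file.
# Arguments are dev=mountpoint pairs (assumed mapping, not in the audit log).
relabel_commands() {
  unlabeled_quota_files | while read -r dev name; do
    mnt=""
    for pair in "$@"; do
      case $pair in "$dev"=*) mnt=${pair#*=} ;; esac
    done
    if [ -z "$mnt" ]; then
      echo "# no mount point given for $dev ($name), skipped"
      continue
    fi
    # semanage fcontext takes a regular expression, so escape the dots.
    regex=$(printf '%s/%s' "$mnt" "$name" | sed 's/\./\\./g')
    echo "semanage fcontext -a -t quota_db_t '$regex'"
    echo "restorecon -v '$mnt/$name'"
  done
}

sample_log | relabel_commands sdb1=/mnt/sdb sdc1=/mnt/sdc
```

On a real system, feed it the journal or audit log instead of sample_log, review the printed commands, and run them as root before restarting quotaon.service.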