On Fri, 2006-10-20 at 15:23 -0400, [EMAIL PROTECTED] wrote: > On Fri, 20 Oct 2006 16:14:23 -0300, Thiago Jung Bauermann said: > > So, does anyone have a tip about this? > Admittedly mostly shooting in the dark here..
No problem! > > > scontext=staff_u:sysadm_r:quota_t:s0-s15:c0.c255 > > > tcontext=root:object_r:root_t:s0 tclass=filesystem > What happens if you're running as sysadm_t or similar instead of root_t? > This looks like SELinux "working as designed" - it stopped a root process > that was in the wrong context from doing something it wasn't allowed to do. Actually, root_t is the type of the filesystem. I used it imagining the policy would allow quota to be turned on on /. I also tried mounting the filesystem as tmp_t, to no avail. The process's type is quota_t, which sounds like a reasonable type for the quotacheck utility. > Does 'newrole -r sysadm_r' improve things? Yup, that's what I'm using. -- []'s Thiago Jung Bauermann Software Engineer IBM Linux Technology Center -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
