Running FC from the devel tree as of last night, and a 2.6.10-mm1-RT kernel.
OK.. So I go and put user and group quotas on all the R/W file systems (it's a lot quicker to run 'repquota /full.fs' than to run 'du' and similar when you're sitting at 99%.. ;)
Then quite some time later I run setfiles because I was pretty sure that I had a lot of files that hadn't been installed by rpm and thus didn't have the right contexts on them, and I get:
/usr/sbin/setfiles: relabeling /aquota.user from system_u:object_r:quota_db_t to system_u:object_r:default_t
/aquota.user: Operation not permitted
/usr/sbin/setfiles: unable to relabel /aquota.user to system_u:object_r:default_t
/usr/sbin/setfiles: relabeling /aquota.group from system_u:object_r:quota_db_t to system_u:object_r:default_t
/aquota.group: Operation not permitted
/usr/sbin/setfiles: unable to relabel /aquota.group to system_u:object_r:default_t

/usr/sbin/setfiles: relabeling /boot/aquota.user from system_u:object_r:quota_db_t to system_u:object_r:boot_t
/boot/aquota.user: Operation not permitted
/usr/sbin/setfiles: unable to relabel /boot/aquota.user to system_u:object_r:boot_t
/usr/sbin/setfiles: relabeling /boot/aquota.group from system_u:object_r:quota_db_t to system_u:object_r:boot_t
/boot/aquota.group: Operation not permitted
/usr/sbin/setfiles: unable to relabel /boot/aquota.group to system_u:object_r:boot_t

/usr/sbin/setfiles: relabeling /usr/aquota.user from root:object_r:quota_db_t to system_u:object_r:usr_t
/usr/aquota.user: Operation not permitted
/usr/sbin/setfiles: unable to relabel /usr/aquota.user to system_u:object_r:usr_t
/usr/sbin/setfiles: relabeling /usr/aquota.group from system_u:object_r:quota_db_t to system_u:object_r:usr_t
/usr/aquota.group: Operation not permitted
/usr/sbin/setfiles: unable to relabel /usr/aquota.group to system_u:object_r:usr_t
Is there any way to express:
$MOUNTPOINT/aquota.(user|group)$ -- system_u:object_r:quota_db_t
in the .fc files, or do we need to settle for '/.*/aquota.(user|group)' as the regexp?
(And no, I have no idea how I ended up with 'root:object_r:quota_db_t' on /usr/aquota.user, but the other ones were system_u....)
selinux@lists.fedoraproject.org
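
Added example, not part of the original post: a check of the fallback regexp from the question against the paths in the setfiles output, next to an escaped variant with an optional directory prefix. It assumes file-context regexps are matched against the whole path (emulated here with Python's re.fullmatch rather than the POSIX regex engine setfiles uses); the non-quota paths, the /home/alice path and the second pattern are constructed for illustration.

```python
import re

# Paths taken from the setfiles output in the post.
QUOTA_PATHS = [
    "/aquota.user", "/aquota.group",
    "/boot/aquota.user", "/boot/aquota.group",
    "/usr/aquota.user", "/usr/aquota.group",
]

# Constructed paths that should not be labelled quota_db_t.
OTHER_PATHS = ["/usr/aquota_user", "/home/aquotaXgroup", "/usr/aquota.user.bak"]

# Candidate path regexps for a .fc entry.
CANDIDATES = {
    # The fallback regexp quoted in the post, unchanged.
    "from_post": r"/.*/aquota.(user|group)",
    # Hypothetical variant: literal dot, directory prefix optional.
    "escaped_optional_prefix": r"(/.*)?/aquota\.(user|group)",
}


def matches(pattern, path):
    """Assumption: the regexp must match the entire path (anchored at both ends)."""
    return re.fullmatch(pattern, path) is not None


def evaluate(pattern):
    """Return (quota files the pattern misses, unrelated files it would label)."""
    missed = [p for p in QUOTA_PATHS if not matches(pattern, p)]
    false_hits = [p for p in OTHER_PATHS if matches(pattern, p)]
    return missed, false_hits


if __name__ == "__main__":
    for name, pattern in CANDIDATES.items():
        missed, false_hits = evaluate(pattern)
        print(f"{name}: {pattern}")
        print(f"  missed quota files : {missed}")
        print(f"  unintended matches : {false_hits}")
    # Neither regexp knows where mount points are: a quota-named file in an
    # ordinary directory (constructed path) still matches.
    nested = "/home/alice/aquota.user"
    print(nested, matches(CANDIDATES["escaped_optional_prefix"], nested))
```

The regexp from the post needs two slashes, so it skips the root filesystem's /aquota.user and /aquota.group, and its unescaped dot accepts any character in that position.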