Allow systemd-homed get filesystem quotas #2505

Merged
merged 1 commit into from
Jan 8, 2025


zpytela
Contributor

@zpytela zpytela commented Jan 7, 2025

The commit addresses the following AVC denial:
type=PROCTITLE msg=audit(01/07/2025 04:20:36.210:878) : proctitle=/usr/lib/systemd/systemd-homed
type=PATH msg=audit(01/07/2025 04:20:36.210:878) : item=1 name=/dev/vda2 inode=324 dev=00:06 mode=block,660 ouid=root ogid=disk rdev=fc:02 obj=system_u:object_r:fixed_disk_device_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(01/07/2025 04:20:36.210:878) : item=0 name=/dev/vda2 nametype=UNKNOWN cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=SYSCALL msg=audit(01/07/2025 04:20:36.210:878) : arch=x86_64 syscall=quotactl success=no exit=EACCES(Permission denied) a0=0x80000700 a1=0x56175d9c8bd0 a2=0xeabe a3=0x7ffe3e1896f0 items=2 ppid=1 pid=709 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-homed exe=/usr/lib/systemd/systemd-homed subj=system_u:system_r:systemd_homed_t:s0 key=(null)
type=AVC msg=audit(01/07/2025 04:20:36.210:878) : avc:  denied  { quotaget } for  pid=709 comm=systemd-homed scontext=system_u:system_r:systemd_homed_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
@zpytela zpytela merged commit cdfbe79 into fedora-selinux:rawhide Jan 8, 2025
3 of 4 checks passed
@zpytela zpytela deleted the sd-homed-quota branch January 8, 2025 15:52
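An added example, not part of the pull request or the policy repository: it correlates the SYSCALL and AVC records of the event quoted above, decodes the `quotactl` command word, and prints the raw type-enforcement rule that corresponds to the denial. The helper names `analyse` and `se_type` are hypothetical, and the raw `allow` form is an assumption about how to express the access; the page does not show how the merged commit grants it.

```python
import re

# Two records of audit event 878 quoted above, trimmed to the fields used here.
EVENT = """\
type=SYSCALL msg=audit(01/07/2025 04:20:36.210:878) : arch=x86_64 syscall=quotactl success=no exit=EACCES(Permission denied) a0=0x80000700 a1=0x56175d9c8bd0 a2=0xeabe a3=0x7ffe3e1896f0 comm=systemd-homed
type=AVC msg=audit(01/07/2025 04:20:36.210:878) : avc:  denied  { quotaget } for  pid=709 comm=systemd-homed scontext=system_u:system_r:systemd_homed_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
"""

# linux/quota.h: QCMD(cmd, type) = (cmd << 8) | (type & 0xff)
QUOTA_CMDS = {0x800007: "Q_GETQUOTA", 0x800008: "Q_SETQUOTA"}
QUOTA_TYPES = {0: "USRQUOTA", 1: "GRPQUOTA", 2: "PRJQUOTA"}

HEADER = re.compile(r"type=(\w+) msg=audit\(.*?:(\d+)\)")
AVC = re.compile(r"denied\s+\{ ([^}]+) \}.*scontext=(\S+) tcontext=(\S+) tclass=(\S+)")

def se_type(context):
    """Type field of a user:role:type:level SELinux context."""
    return context.split(":")[2]

def analyse(text):
    """Correlate SYSCALL and AVC records by event serial and decode them."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.setdefault(m.group(2), {})[m.group(1)] = line
    results = []
    for serial, recs in events.items():
        if "AVC" not in recs:
            continue
        perms, scon, tcon, tclass = AVC.search(recs["AVC"]).groups()
        out = {"serial": serial, "rule": "allow %s %s:%s { %s };" % (
            se_type(scon), se_type(tcon), tclass, " ".join(perms.split()))}
        sc = recs.get("SYSCALL", "")
        if "syscall=quotactl" in sc:
            # quotactl(cmd, special, id, addr): a0 is the packed command, a2 the id
            a0 = int(re.search(r"a0=(0x[0-9a-f]+)", sc).group(1), 16)
            a2 = int(re.search(r"a2=(0x[0-9a-f]+)", sc).group(1), 16)
            out["quota_cmd"] = QUOTA_CMDS.get(a0 >> 8, hex(a0 >> 8))
            out["quota_type"] = QUOTA_TYPES.get(a0 & 0xFF, "unknown")
            out["quota_id"] = a2
        results.append(out)
    return results

if __name__ == "__main__":
    for r in analyse(EVENT):
        print(r)
```

The decoded command shows a read-only per-user quota query, which is consistent with the single `quotaget` permission in the denial.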