System administration tools for monitoring users' disk usage
quota_nld daemon writes to /dev/pts/N files that have 0620 mode and some_user:tty ownership. If the daemon runs as a systemd service, SELinux denies DAC_OVERRIDE capability that allows a root user to access files without matching permissions. We could fix it by adding a special SELinux rule, but SELinux considers DAC_OVERRIDE harmful and prefers fixing the file permissions instead. We could patch quota_nld source to setgid() to tty group, but the exact group name or ID varies among distributions. This is not upstreamable. We could patch quota_nld to fork and setgid() to a group equal to the targeted device group. But that seems way too complicated if we can simply patch systemd unit file to change group to "tty". Thus I selected this approach.

| File |
|---|
| .gitignore |
| quota_nld.service |
| quota_nld.sysconfig |
| quota-4.03-Validate-upper-bound-of-RPC-port.patch |
| quota-4.04-warnquota-configuration-tunes.patch |
| quota-4.05-COPYING-Update-mailing-address.patch |
| quota-4.05-Make-messages-about-failures-for-NFS-consistent-with.patch |
| quota-4.05-quotaops-Do-not-leak-dquot-structures-on-failure.patch |
| quota-4.05-quotaops-Do-not-return-partial-list-from-getprivs.patch |
| quota-4.05-quotaops-Make-error-string-translatable.patch |
| quota-4.05-Revert-configure.ac-fix-pkg_check_modules-calls.patch |
| quota-4.05-rpc-Clarify-error-message-when-cannot-connect-to-rpc.patch |
| quota-4.05-setquota-Report-failure-to-obtain-quota-information.patch |
| quota.rpmlintrc |
| quota.spec |
| rpc-rquotad.service |
| rpc-rquotad.sysconfig |
| sources |