Understanding filesystem quotas
Chris Szilagyi
chris at apex-internet.com
Fri Nov 14 16:57:27 UTC 2014
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 14 Nov 2014, Chris Szilagyi wrote:
>
>>> 3) have read dovecot logs, if there are errors, and
>>
>> Quite a while after testing and posting this, these errors started showing
>> up in /var/log/maillog ... I'm currently investigating. This may be part
>> of
>> the issue.
>>
>> dovecot: imap(username): Error: quotactl(Q_GETQUOTA, /dev/sdb1) failed:
>> Permission denied
>
> This is the reason, you do not get any "current" information about the
> quota
>
> Do you have SELinux in action?
> Run "sestatus" and "grep -i AVC /var/log/audit/audit.log" to identify
> SELinux caused denials,
>
Yes, I do use SELinux. I have tried setting "setenforce 0" however just as
you mentioned these show up in the audit.log which I just found as well:
type=AVC msg=audit(1415935621.946:8005): avc: denied { quotaget } for
pid=27701 comm="imap" scontext=system_u:system_r:dovecot_t:s0
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
I ended up following instructions in a SELinux FAQ to allow dovecot to use
quotaget. Seems that Dovecot is still not reporting any quota usage though:
Quota name Type Value Limit %
User quota STORAGE 0 - 0
I also did a check by running "quota username" and it shows the hard/soft
values set correctly.
These are the steps I went through to correct the SELinux issue:
audit2allow -m local -l -i /var/log/audit/audit.log > dovecotquotaget.te
Edit and take out other lines in this file not pertaining to the quotaget
issue.
checkmodule -M -m -o dovecotquotaget.mod dovecotquotaget.te
semodule_package -o dovecotquotaget.pp -m dovecotquotaget.mod
semodule -i dovecotquotaget.pp
I noticed this before but it doesn't seem that it queries quota usage every
time the user connects via IMAP. I know this because I wasn't always
getting the "Permission denied" errors until a while after I enabled quotas.
If you have any further ideas please let me know. Thank you very much once
again.
--
Chris
More information about the dovecot
mailing list