Unfortunately this is not allowed in the Fedora policy currently, so we need to work around it. Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> --- policy/test_global.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/policy/test_global.te b/policy/test_global.te index 7d399e6..2592553 100644 --- a/policy/test_global.te +++ b/policy/test_global.te @@ -58,6 +58,10 @@ optional_policy(` # Allow the test domain to be entered from sysadm_t sysadm_entry_spec_domtrans_to(testsuite_domain) + # Needed for quotacheck(8) in the filesystem test to succeed + fs_remount_xattr_fs(sysadm_t) + storage_raw_read_fixed_disk(sysadm_t) + # Let sysadm_t use runcon to run the test programs in various domains. #allow sysadm_t self:process setexec; #selinux_get_fs_mount(sysadm_t) -- 2.37.1
