I have a lot of these messages in my /var/log/messages from the kernel (2.6.9-11.ELsmp on dual AMD Opteron 244 x86_64 machine): post_create: setxattr failed, rc=122 (dev=md1 ino=1320515) It seems like only anoying messages according to: http://mail.wirex.com/pipermail/linux-security-module/2005-July/6274.html I'l try to use beta kernel too.
This is a property of the existing SELinux implementation: the core VFS doesn't ask SELinux to set up security contexts until after the filesystem itself has created a new file. So, it is possible for the file create to succeed but for the initialisation of the SELinux label to fail; such files end up with a default label, but the SELinux security policy deals with those labels to avoid this being a security problem. rc=122 indicates that the error here is EDQUOT, so the user has exceeded disk quota between the initial file create and the setting of the SELinux attribute. Future versions of Linux will not have this behaviour, but will set SELinux attributes atomically and will fail the create if that cannot be done. But this will not be changed in RHEL-4, as that constitutes a significant change in the semantics of the VFS layer.