Bug 131696
| Summary: | smartd fails to start | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Leonard den Ottolander <leonard-rh-bugzilla> |
| Component: | selinux-policy-strict | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-05-12 19:56:53 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 123268, 136451 | ||
Leonard, Can you identify more precisely what is going wrong? For example, is the problem with smartd itself, with permissions, or with the init script? Cheers, Bruce Allen I assumed it's just the policy denying smartd access to the device... You might want to compare the boot messages in attachment 103430 [details] which is attached to bug 130992. Forgot to add those log entries here. Is hda6 a removable device? Or was it incorrectly labeled? Dan No hda6 is *not* a removable device, it is the root partition on a fixed HD. And no, it is not incorrectly labeled. Behaviour just broke on policy update. So ls -Z /dev/hda6 shows it as a fixed device? Leonard, Daniel,
I'm the principal smartmontools author, but don't understand if there
is something in smartmontools itself that requires modification here,
or if the problem is elsewhere. open() fails, apparently because of
policy. The log message (no -d removable) simply indicates that
smartd expects open() to work every time on this device: it's not
listed in /etc/smartd.conf as a removable device.
Please let me know if you think that there is something to be fixed
upstream; for now I can't see anything that I can offer to help.
One final comment: smartd (and SMART in general) operates on an entire
device, eg /dev/hda, not on a single partition of that device (eg,
/dev/hda6). However for what it's worth, you can list a partition in
/etc/smartd.conf, rather than the entire device. So perhaps listing a
specific partition in /etc/smartd.conf, rather than /dev/hda, could be
used to advantage?
Cheers,
Bruce
Bruce,
Since the current state of selinux-policy-strict gives me an avc
denied {execute} for pid=1 on my K6 test box I can't currently tell
you anything about the current state of the policy wrt smartd...
Bruce, this is more than likely an SELinux problem. It should not require any changes to smartd. The problem reported states that smartd tried to access a removable_device_t (/dev/hda6) The problem is that this is not allowed. SELinux policy requires that smartd work with fixed_disk_device_t. So the question is why is /dev/hda6 marked as a removable disk, or if not why does the kernel think it is marked with a removable_disk_device_t? Dan |
smartd fails to start at system startup. selinux-policy-strict-1.17.8-2 Sep 3 12:34:03 k6-joy kernel: audit(1094207643.610:0): avc: denied { read } for pid=1569 exe=/usr/sbin/smartd name=hda dev=hda6 ino=101218 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:removable_device_t tclass=blk_file