Bug 131696 - smartd fails to start
smartd fails to start
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks: FC3Target FC4Target
  Show dependency treegraph
 
Reported: 2004-09-03 07:18 EDT by Leonard den Ottolander
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-05-12 15:56:53 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Leonard den Ottolander 2004-09-03 07:18:41 EDT
smartd fails to start at system startup.

selinux-policy-strict-1.17.8-2

Sep  3 12:34:03 k6-joy kernel: audit(1094207643.610:0): avc:  denied 
{ read } for  pid=1569 exe=/usr/sbin/smartd name=hda dev=hda6
ino=101218 scontext=system_u:system_r:fsdaemon_t
tcontext=system_u:object_r:removable_device_t tclass=blk_file
Comment 1 Bruce Allen 2004-09-07 08:53:54 EDT
Leonard,

Can you identify more precisely what is going wrong?  For example,
is the problem with smartd itself, with permissions, or with the init
script?

Cheers,
   Bruce Allen
Comment 2 Leonard den Ottolander 2004-09-07 09:48:35 EDT
I assumed it's just the policy denying smartd access to the device... 

You might want to compare the boot messages in attachment 103430 [details] which
is attached to bug 130992. Forgot to add those log entries here.
Comment 3 Daniel Walsh 2004-09-09 13:32:05 EDT
Is hda6 a removable device?  Or was it incorrectly labeled?

Dan
Comment 4 Leonard den Ottolander 2004-09-09 17:51:19 EDT
No hda6 is *not* a removable device, it is the root partition on a
fixed HD. And no, it is not incorrectly labeled. Behaviour just broke
on policy update.
Comment 5 Daniel Walsh 2004-09-13 11:09:51 EDT
So ls -Z /dev/hda6 shows it as a fixed device?
Comment 6 Bruce Allen 2004-09-13 20:40:14 EDT
Leonard, Daniel,

I'm the principal smartmontools author, but don't understand if there
is something in smartmontools itself that requires modification here,
or if the problem is elsewhere.  open() fails, apparently because of
policy.  The log message (no -d removable) simply indicates that
smartd expects open() to work every time on this device: it's not
listed in /etc/smartd.conf as a removable device.

Please let me know if you think that there is something to be fixed
upstream; for now I can't see anything that I can offer to help.

One final comment: smartd (and SMART in general) operates on an entire
device, eg /dev/hda, not on a single partition of that device (eg,
/dev/hda6).   However for what it's worth, you can list a partition in
 /etc/smartd.conf, rather than the entire device.  So perhaps listing a 
specific partition in /etc/smartd.conf, rather than /dev/hda, could be
used to advantage?

Cheers,
     Bruce
Comment 7 Leonard den Ottolander 2004-09-14 08:00:34 EDT
Bruce,

Since the current state of selinux-policy-strict gives me an avc
denied {execute} for pid=1 on my K6 test box I can't currently tell
you anything about the current state of the policy wrt smartd...
Comment 8 Daniel Walsh 2004-09-15 16:09:38 EDT
Bruce, this is more than likely an SELinux problem.  It should not
require any changes to smartd.  The problem reported states that
smartd tried to access a removable_device_t (/dev/hda6)  The problem
is that this is not allowed.  SELinux policy requires that smartd work
with fixed_disk_device_t.  So the question is why is /dev/hda6 marked
as  a removable disk, or if not why does the kernel think it is marked
with a removable_disk_device_t?

Dan

Note You need to log in before you can comment on or make changes to this bug.