smartd fails to start at system startup. selinux-policy-strict-1.17.8-2 Sep 3 12:34:03 k6-joy kernel: audit(1094207643.610:0): avc: denied { read } for pid=1569 exe=/usr/sbin/smartd name=hda dev=hda6 ino=101218 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:removable_device_t tclass=blk_file
Leonard, Can you identify more precisely what is going wrong? For example, is the problem with smartd itself, with permissions, or with the init script? Cheers, Bruce Allen
I assumed it's just the policy denying smartd access to the device... You might want to compare the boot messages in attachment 103430 [details] which is attached to bug 130992. Forgot to add those log entries here.
Is hda6 a removable device? Or was it incorrectly labeled? Dan
No hda6 is *not* a removable device, it is the root partition on a fixed HD. And no, it is not incorrectly labeled. Behaviour just broke on policy update.
So ls -Z /dev/hda6 shows it as a fixed device?
Leonard, Daniel, I'm the principal smartmontools author, but don't understand if there is something in smartmontools itself that requires modification here, or if the problem is elsewhere. open() fails, apparently because of policy. The log message (no -d removable) simply indicates that smartd expects open() to work every time on this device: it's not listed in /etc/smartd.conf as a removable device. Please let me know if you think that there is something to be fixed upstream; for now I can't see anything that I can offer to help. One final comment: smartd (and SMART in general) operates on an entire device, eg /dev/hda, not on a single partition of that device (eg, /dev/hda6). However for what it's worth, you can list a partition in /etc/smartd.conf, rather than the entire device. So perhaps listing a specific partition in /etc/smartd.conf, rather than /dev/hda, could be used to advantage? Cheers, Bruce
Bruce, Since the current state of selinux-policy-strict gives me an avc denied {execute} for pid=1 on my K6 test box I can't currently tell you anything about the current state of the policy wrt smartd...
Bruce, this is more than likely an SELinux problem. It should not require any changes to smartd. The problem reported states that smartd tried to access a removable_device_t (/dev/hda6) The problem is that this is not allowed. SELinux policy requires that smartd work with fixed_disk_device_t. So the question is why is /dev/hda6 marked as a removable disk, or if not why does the kernel think it is marked with a removable_disk_device_t? Dan