Bug 131696 - smartd fails to start
Summary: smartd fails to start
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: FC3Target FC4Target
TreeView+ depends on / blocked
 
Reported: 2004-09-03 11:18 UTC by Leonard den Ottolander
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-05-12 19:56:53 UTC


Attachments (Terms of Use)

Description Leonard den Ottolander 2004-09-03 11:18:41 UTC
smartd fails to start at system startup.

selinux-policy-strict-1.17.8-2

Sep  3 12:34:03 k6-joy kernel: audit(1094207643.610:0): avc:  denied 
{ read } for  pid=1569 exe=/usr/sbin/smartd name=hda dev=hda6
ino=101218 scontext=system_u:system_r:fsdaemon_t
tcontext=system_u:object_r:removable_device_t tclass=blk_file

Comment 1 Bruce Allen 2004-09-07 12:53:54 UTC
Leonard,

Can you identify more precisely what is going wrong?  For example,
is the problem with smartd itself, with permissions, or with the init
script?

Cheers,
   Bruce Allen

Comment 2 Leonard den Ottolander 2004-09-07 13:48:35 UTC
I assumed it's just the policy denying smartd access to the device... 

You might want to compare the boot messages in attachment 103430 [details] which
is attached to bug 130992. Forgot to add those log entries here.


Comment 3 Daniel Walsh 2004-09-09 17:32:05 UTC
Is hda6 a removable device?  Or was it incorrectly labeled?

Dan

Comment 4 Leonard den Ottolander 2004-09-09 21:51:19 UTC
No hda6 is *not* a removable device, it is the root partition on a
fixed HD. And no, it is not incorrectly labeled. Behaviour just broke
on policy update.


Comment 5 Daniel Walsh 2004-09-13 15:09:51 UTC
So ls -Z /dev/hda6 shows it as a fixed device?

Comment 6 Bruce Allen 2004-09-14 00:40:14 UTC
Leonard, Daniel,

I'm the principal smartmontools author, but don't understand if there
is something in smartmontools itself that requires modification here,
or if the problem is elsewhere.  open() fails, apparently because of
policy.  The log message (no -d removable) simply indicates that
smartd expects open() to work every time on this device: it's not
listed in /etc/smartd.conf as a removable device.

Please let me know if you think that there is something to be fixed
upstream; for now I can't see anything that I can offer to help.

One final comment: smartd (and SMART in general) operates on an entire
device, eg /dev/hda, not on a single partition of that device (eg,
/dev/hda6).   However for what it's worth, you can list a partition in
 /etc/smartd.conf, rather than the entire device.  So perhaps listing a 
specific partition in /etc/smartd.conf, rather than /dev/hda, could be
used to advantage?

Cheers,
     Bruce

Comment 7 Leonard den Ottolander 2004-09-14 12:00:34 UTC
Bruce,

Since the current state of selinux-policy-strict gives me an avc
denied {execute} for pid=1 on my K6 test box I can't currently tell
you anything about the current state of the policy wrt smartd...


Comment 8 Daniel Walsh 2004-09-15 20:09:38 UTC
Bruce, this is more than likely an SELinux problem.  It should not
require any changes to smartd.  The problem reported states that
smartd tried to access a removable_device_t (/dev/hda6)  The problem
is that this is not allowed.  SELinux policy requires that smartd work
with fixed_disk_device_t.  So the question is why is /dev/hda6 marked
as  a removable disk, or if not why does the kernel think it is marked
with a removable_disk_device_t?

Dan


Note You need to log in before you can comment on or make changes to this bug.