Description of problem: I get no statistics regarding the harddisk. In the log files I have always this message: audit(1157232904.384:952): avc: denied { append } for pid=464 comm="smartctl" name="munin-node.log" dev=hda3 ino=10148693 scontext=user_u:system_r:fsadm_t:s0 tcontext=user_u:object_r:var_log_t:s0 tclass=file The selinux version is "enforcing". Version-Release number of selected component (if applicable): Munin and selinux are both the latest version. (updated today 2.9.06) Munin 1.2.4-9.fc5 selinux-policy 2.3.7-2.fc5 How reproducible: Just install munin in default mode. Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Statistics about my hard-disk. :) Additional info:
Thanks for the report. I will see what needs to be done to get this working. Likely it will require changes to the selinux restrictive policy...
Thanks. I probably have to clarify. What I do not get is the "Sensors :: HDD temperature". I do get the Inode statistics. Just in case you were thinking about the wrong statistics. Another thing: Should I open up a new ticket for a similar problem but with the sendmail statistics? There I get: "mailstats: /var/log/mail/statistics: Permission denied" Here it is not a selinux problem, but a general permission problem. imho (Or at least I have no entries in /val/log/messages)
Sorry for the delay in getting back to you on this bug. A few questions to help pinpoint things: - What is SELINUXTYPE set to in /etc/sysconfig/selinux? - What is in your /etc/munin/plugin-conf.d/sendmail file?
No problem. I had other (more important) stuff to do as well :) [root@ras ~]# cat /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=enforcing # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted # SETLOCALDEFS= Check local definition changes SETLOCALDEFS=0 [root@ras ~]# cat /etc/munin/plugin-conf.d/sendmail [sendmail*] user root env.mspqueue /var/spool/clientmqueue
Is there anything I can help with?
Sorry about the delay... Basically selinux is preventing the 'smartctl' program from appending to the munin-node.log. In normal cases it shouldn't need to log anything there. Can you run the following and tell me the output: su munin -s /bin/bash -c '/etc/munin/plugins/hddtemp_smartctl' On the sendmail issue, where are you seeing that error? in the /var/log/munin/ munin-node.log? Have you restarted munin node recently? The /etc/munin/plugin- conf.d/sendmail file should tell it to run that plugin as root and it should be able to read the mail stats that way.
no problem. When I enter the mentioned command above I get no output at all. I haven't restarted the munin-node for the past 2 month or so. But I did it now. And the sendmail messages seem to be gone. I will check later if I get some statistics now as well. But the smartctl error remains.
ok. Humm... can you create a /etc/munin/plugin-conf.d/hddtemp_smartctl file and put in it: [hddtemp_smartctl] user root And restart munin-node and see if that solves the hdtemp issue?
yupp. that was it. I get now statistics for both modules. Thank you very much. (I leave the ticket open, in case you need to write something more. From my side it is closed)
ok. I have just pushed out a update to munin 1.2.5 that includes this fix. I am going to close this bug now, but if you spot any problems with the new version, feel free to re-open or file a new bug. Thanks again for the bugreport.