Bug 445618 - SELinux is blocking smartd
Summary: SELinux is blocking smartd
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy   
(Show other bugs)
Version: rawhide
Hardware: All Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-05-08 01:10 UTC by Leslie Brooks
Modified: 2008-05-08 15:25 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-08 15:25:55 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
SELinux error report (2.41 KB, text/plain)
2008-05-08 01:10 UTC, Leslie Brooks
no flags Details

Description Leslie Brooks 2008-05-08 01:10:34 UTC
Description of problem:
SELinux popped up a block message saying that smartd had violated the rules.  I
suspect that smartd is behaving properly and that SELinux is at fault, but I
haven't the slightest bit of proof.

Version-Release number of selected component (if applicable):


How reproducible:
 Don't know; I have had the system running for fifteen or twenty minutes and it
just popped up.  However, it didn't happen previously when I had the system
running far longer.

Steps to Reproduce:
1. Probably crucial, run 'hdparm -S 6 /dev/sdb'; this causes the drive motor to
spin down after 30 seconds of inactivity.  I did _not_ do that previously but
_did_ do that today, and got the error shortly after that.
2. run 'hdparm -C /dev/sdb' to confirm that it has spun down
3. Some minutes later the error message popped up.
  
Actual results:
 See attached SELinux report.

Expected results:


Additional info:
This is with the April beta; I will try to reproduce it with this month's
Preview release.

Comment 1 Leslie Brooks 2008-05-08 01:10:34 UTC
Created attachment 304823 [details]
SELinux error report

Comment 2 Daniel Walsh 2008-05-08 15:25:55 UTC
You can allow this for now.

# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.3.1-48.fc9.noarch


Note You need to log in before you can comment on or make changes to this bug.