This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 459369 - 3Ware raid /devtwa labels
3Ware raid /devtwa labels
Status: CLOSED DUPLICATE of bug 232218
Product: Fedora
Classification: Fedora
Component: smartmontools (Show other bugs)
8
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Smetana
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-17 17:46 EDT by David Highley
Modified: 2008-08-18 07:08 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-08-18 07:08:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Highley 2008-08-17 17:46:33 EDT
Description of problem:
Followed previous documented process for labeling device entries but they do not survive reboots.

Version-Release number of selected component (if applicable):
3.0.8-113.fc8

How reproducible:
Reboot system

Steps to Reproduce:
1.
2.
3.
  
Actual results:
Aug 17 13:44:13 douglas smartd[3059]: smartd version 5.38 [x86_64-redhat-linux-g
nu] Copyright (C) 2002-8 Bruce Allen
Aug 17 13:44:13 douglas smartd[3059]: Home page is http://smartmontools.sourcefo
rge.net/#012
Aug 17 13:44:13 douglas smartd[3059]: Opened configuration file /etc/smartd.conf
Aug 17 13:44:13 douglas smartd[3059]: Configuration file /etc/smartd.conf parsed
.
Aug 17 13:44:13 douglas smartd[3059]: Device: /dev/twa0 [3ware_disk_00], File ex
ists, open() failed
Aug 17 13:44:13 douglas smartd[3059]: Unable to register ATA device /dev/twa0 [3
ware_disk_00] at line 31 of file /etc/smartd.conf
Aug 17 13:44:13 douglas smartd[3059]: Device /dev/twa0 [3ware_disk_00] not avail
able
Aug 17 13:44:13 douglas smartd[3059]: Monitoring 0 ATA and 0 SCSI devices
Aug 17 13:44:13 douglas smartd[3062]: smartd has fork()ed into background mode. 
New PID=3062.
Aug 17 13:44:14 douglas setroubleshoot: SELinux is preventing smartd (fsdaemon_t
) "getattr" access to device /dev/twa0. For complete SELinux messages. run seale
rt -l b3042a02-98ad-427c-8c8b-15b89e80edfd
sealert -l b3042a02-98ad-427c-8c8b-15b89e80edfd

Summary:

SELinux is preventing smartd (fsdaemon_t) "getattr" access to device /dev/twa0.

Detailed Description:

SELinux has denied the smartd (fsdaemon_t) "getattr" access to device /dev/twa0.
/dev/twa0 is mislabeled, this device has the default label of the /dev
directory, which should not happen. All Character and/or Block Devices should
have a label. You can attempt to change the label of the file using restorecon
-v '/dev/twa0'. If this device remains labeled device_t, then this is a bug in
SELinux policy. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against the selinux-policy
package. If you look at the other similar devices labels, ls -lZ /dev/SIMILAR,
and find a type that would work for /dev/twa0, you can use chcon -t SIMILAR_TYPE
'/dev/twa0', If this fixes the problem, you can make this permanent by executing
semanage fcontext -a -t SIMILAR_TYPE '/dev/twa0' If the restorecon changes the
context, this indicates that the application that created the device, created it
without using SELinux APIs. If you can figure out which application created the
device, please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this application.

Allowing Access:

Attempt restorecon -v '/dev/twa0' or chcon -t SIMILAR_TYPE '/dev/twa0'

Additional Information:

Source Context                system_u:system_r:fsdaemon_t:s0
Target Context                system_u:object_r:device_t:s0
Target Objects                /dev/twa0 [ chr_file ]
Source                        smartd
Source Path                   /usr/sbin/smartd
Port                          <Unknown>
Host                          douglas
Source RPM Packages           smartmontools-5.38-1.fc8
Target RPM Packages           
Policy RPM                    selinux-policy-3.0.8-113.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   device
Host Name                     douglas
Platform                      Linux douglas 2.6.25.14-69.fc8 #1 SMP Mon Aug 4
                              14:00:45 EDT 2008 x86_64 x86_64
Alert Count                   22
First Seen                    Thu Jul  3 15:51:04 2008
Last Seen                     Sun Aug 17 13:44:13 2008
Local ID                      b3042a02-98ad-427c-8c8b-15b89e80edfd
Line Numbers                  

Raw Audit Messages            

host=douglas type=AVC msg=audit(1219005853.726:9): avc:  denied  { getattr } for  pid=3059 comm="smartd" path="/dev/twa0" dev=tmpfs ino=7942 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file

host=douglas type=SYSCALL msg=audit(1219005853.726:9): arch=c000003e syscall=4 success=no exit=-13 a0=7fff3db47c60 a1=7fff3db47b90 a2=7fff3db47b90 a3=439cda items=0 ppid=3058 pid=3059 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="smartd" exe="/usr/sbin/smartd" subj=system_u:system_r:fsdaemon_t:s0 key=(null)


Expected results:


Additional info:
I tried the sealert recommendation it does not work across reboots. Adding the following to the /etc/rc.local file is a work around:
chcon -v -t fixed_disk_device_t /dev/twa[0-9]*
service smartd restart
Comment 1 Daniel Walsh 2008-08-18 07:08:27 EDT
This is a bug in the smart or raid tools for not creating the device with the correct context.

If you run restorecon /dev/tw*

It will fix the context, so the machine knows the correct context.  Most devices on the machine are created by udev, which creates them with the correct context.

You could add the restorecon to your init scripts after the device is created, until you get a fix from those tools.

*** This bug has been marked as a duplicate of bug 232218 ***

Note You need to log in before you can comment on or make changes to this bug.