Summary: SELinux is preventing /usr/sbin/smartd "mknod" access . Detailed Description: SELinux denied access requested by smartd. It is not expected that this access is required by smartd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:fsdaemon_t:s0 Target Context system_u:system_r:fsdaemon_t:s0 Target Objects None [ capability ] Source smartd Source Path /usr/sbin/smartd Port <Unknown> Host (removed) Source RPM Packages smartmontools-5.39.1-1.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-39.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.33.6-147.fc13.x86_64 #1 SMP Tue Jul 6 22:32:17 UTC 2010 x86_64 x86_64 Alert Count 4 First Seen Mon 02 Aug 2010 12:06:39 PM PDT Last Seen Mon 02 Aug 2010 12:06:39 PM PDT Local ID 36253bd1-003b-4d3b-a803-0eeeee112db3 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1280775999.618:15): avc: denied { mknod } for pid=2225 comm="smartd" capability=27 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=capability node=(removed) type=SYSCALL msg=audit(1280775999.618:15): arch=c000003e syscall=133 success=no exit=-1 a0=7fff999dbb50 a1=2180 a2=f800 a3=7fc3b8de04d0 items=0 ppid=2224 pid=2225 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="smartd" exe="/usr/sbin/smartd" subj=system_u:system_r:fsdaemon_t:s0 key=(null) Hash String generated from catchall,smartd,fsdaemon_t,fsdaemon_t,capability,mknod audit2allow suggests: #============= fsdaemon_t ============== allow fsdaemon_t self:capability mknod;
This seems to be a regression with my last yum update & reboot around 1900Z 2010-08-2. This machine has a 3ware 9650SE RAID card. I used to see selinux complain about the context of the /dev/twX devices that are necessary to see the individual discs in the array after a reboot, since F8, I can't recall when the problem was solved, alas.
Miroslav can you add allow $1 self:capability mknod; to storage_create_fixed_disk_dev Then turning on smartmon_3ware boolean will give you this access.
Fixed in selinux-policy-3.7.19-44.fc13.noarch
selinux-policy-3.7.19-44.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-44.fc13
selinux-policy-3.7.19-44.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-44.fc13
selinux-policy-3.7.19-44.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.