Created attachment 447397 [details] A copy of the SELinux Troubleshooter report for this problem. Description of problem: The 'smartd' service provided by the 'smartmontools' package does not have "create" access when used on a RAID drive controlled by a 3ware controller (/dev/tweN). Version-Release number of selected component (if applicable): selinux-policy-3.7.19-54.fc13 smartmontools-5.39.1-1.fc13 How reproducible: Each time the 'smartd' service is started or restarted. Steps to Reproduce: 1. $ sudo service smartd restart 2. SELinux Troubleshooter is triggered with the error. Actual results: The following error messages are written to /var/log/messages: smartd[3983]: Device: /dev/twe0 [3ware_disk_00], open() failed: setup_3ware_nodes("twe", "3w-xxxx") failed smartd[3983]: Device: /dev/twe0 [3ware_disk_01], open() failed: setup_3ware_nodes("twe", "3w-xxxx") failed smartd[3983]: Monitoring 0 ATA and 0 SCSI devices smartd[3985]: smartd has fork()ed into background mode. New PID=3985. setroubleshoot: SELinux is preventing /usr/sbin/smartd "create" access on twe0. For complete SELinux messages. run sealert -l 1b665301-f20c-4bb9-a0c2-4955693e99c2 setroubleshoot: SELinux is preventing /usr/sbin/smartd "create" access on twe0. For complete SELinux messages. run sealert -l 1b665301-f20c-4bb9-a0c2-4955693e99c2 Expected results: The 'smartd' service should have started without error and begun monitoring the disks on the RAID, /dev/twe0. Additional info: The SELinux Troubleshooter report will be attached. It includes the statement: "Please file a bug report."
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Please let me know if there is more information that I can provide about this problem. It has been a recurring problem in Fedora releases (that is, the hardware RAID cannot be monitored because of a conflict with the security policy) -- it gets fixed and then shows up again a few releases later.
Miroslav add storage_create_fixed_disk_dev(fsdaemon_t)
Fixed in selinux-policy-3.7.19-72.fc13
selinux-policy-3.7.19-73.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-73.fc13
selinux-policy-3.7.19-73.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-73.fc13
selinux-policy-3.7.19-73.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
(In reply to comment #8) > selinux-policy-3.7.19-73.fc13 has been pushed to the Fedora 13 testing > repository. If problems still persist, please make note of it in this bug > report. > If you want to test the update, you can install it with > su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can > provide feedback for this update here: > https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-73.fc13 Unfortunately, the problem still exists in Fedora 13: $ rpm -q smartmontools selinux-policy smartmontools-5.40-3.fc13.x86_64 selinux-policy-3.7.19-73.fc13.noarch After applying the above recent changes and rebooting the following two messages still are appearing in /var/log/messages: smartd[1338]: Device: /dev/twe0 [3ware_disk_00], open() failed: setup_3ware_nodes("twe", "3w-xxxx") failed smartd[1338]: Device: /dev/twe0 [3ware_disk_01], open() failed: setup_3ware_nodes("twe", "3w-xxxx") failed
(In reply to comment #10) I have now upgraded to Fedora 14, and the problem with smartd being unable to open /dev/twe0 is unresolved. Here are the package versions: $ rpm -q smartmontools selinux-policy smartmontools-5.40-3.fc14.x86_64 selinux-policy-3.9.7-20.fc14.noarch I followed the steps provided by the SELinux Troubleshooter to create a local policy, but that did not resolve the problem. Please let me know if a new, separate report is needed.
I guess your problem is with /dev/twe0 labeling. # ls -Z /dev/twe0
My mistake: I followed the instructions provided by the SELinux Troubleshooter, but I had not rebooted. Once I rebooted, the problem was resolved. The smartd service now issues the expected messages in /var/log/messages. Here are the instructions from the SELinux Troubleshooter (Alert Browser): You should report this as a bug. You can generated a local policy module to allow this access. Allow this access for no by executing: # grep smartd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Please let me know if you would like for me to submit a report using the Alert Browser, or if you need some other information in order to update the selinux-policy RPM package. For what it is worth, here is the output of the 'ls -Z' command: $ ls -Z /dev/twe0 crw-------. root root system_u:object_r:fixed_disk_device_t:s0 /dev/twe0
In case it is of some use to someone, here is what it looks like when 'smartd' starts successfully for this drive configuration: smartd[1439]: smartd 5.40 2010-10-16 r3189 [x86_64-redhat-linux-gnu] (local build)#012Copyright (C) 2002-10 by Bruce Allen, http://smartmontools.sourceforge.net#012 smartd[1439]: Opened configuration file /etc/smartd.conf smartd[1439]: Configuration file /etc/smartd.conf parsed. smartd[1439]: Device: /dev/twe0 [3ware_disk_00], opened smartd[1439]: Device: /dev/twe0 [3ware_disk_00], found in smartd database. smartd[1439]: Device: /dev/twe0 [3ware_disk_00], enabled SMART Attribute Autosave. smartd[1439]: Device: /dev/twe0 [3ware_disk_00], enabled SMART Automatic Offline Testing. smartd[1439]: Device: /dev/twe0 [3ware_disk_00], is SMART capable. Adding to "monitor" list. smartd[1439]: Device: /dev/twe0 [3ware_disk_01], opened smartd[1439]: Device: /dev/twe0 [3ware_disk_01], found in smartd database. smartd[1439]: Device: /dev/twe0 [3ware_disk_01], enabled SMART Attribute Autosave. smartd[1439]: Device: /dev/twe0 [3ware_disk_01], enabled SMART Automatic Offline Testing. smartd[1439]: Device: /dev/twe0 [3ware_disk_01], is SMART capable. Adding to "monitor" list. smartd[1439]: Monitoring 2 ATA and 0 SCSI devices smartd[1441]: smartd has fork()ed into background mode. New PID=1441.