A policy for smartmontools exists within the selinux-base-policy-20070928 source, but there is no corresponding sec-policy/selinux-smartmontools package available. smartd has problems gathering data when selinux is set to strict/enforcing without this policy in place (I have not tested targeted/enforcing). It runs as system_u:system_r:initrc_t and has no access to the disks. Installing the policy seems to have fixed the problems. After this ebuild is created, the ebuild for sys-apps/smartmontools should be updated to add in the selinux use flag.

Reproducible: Always

Steps to Reproduce:
1. emerge smartmontools
2. Start the smartd daemon
3. Set selinux to enforcing mode

Actual Results:
smartd cannot access the hard disks without the policy in place.

Expected Results:
smartd should have been able to gather SMART information from the drive. This is fixed with the policy in place.

smartd.log:
Device: /dev/hda, Permission denied, open() failed

audit.log:
type=AVC msg=audit(1221128467.385:2615): avc: denied { read } for pid=3178 comm="smartd" name="hda" dev=tmpfs ino=2326 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
type=SYSCALL msg=audit(1221128467.385:2615): arch=40000003 syscall=5 success=no exit=-13 a0=8097298 a1=800 a2=8098588 a3=806b779 items=0 ppid=1 pid=3178 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="smartd" exe="/usr/sbin/smartd" subj=system_u:system_r:initrc_t key=(null)
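Added example, not part of the original report or of any Gentoo tooling: a short Python check that scans audit.log text for AVC denials whose source domain is still initrc_t, the symptom shown above of a daemon started from an init script with no policy module to transition it into its own domain. The function names, the abridged SYSCALL record and the third log record (exampled) are constructed for illustration.

```python
import re
from collections import defaultdict

# Records 1-2 come from the report above (SYSCALL abridged); record 3 is constructed for contrast.
SAMPLE_LOG = '''\
type=AVC msg=audit(1221128467.385:2615): avc: denied { read } for pid=3178 comm="smartd" name="hda" dev=tmpfs ino=2326 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
type=SYSCALL msg=audit(1221128467.385:2615): arch=40000003 syscall=5 success=no exit=-13 ppid=1 pid=3178 uid=0 comm="smartd" exe="/usr/sbin/smartd" subj=system_u:system_r:initrc_t key=(null)
type=AVC msg=audit(1221128470.100:2616): avc: denied { write } for pid=4000 comm="exampled" name="x" dev=tmpfs ino=1 scontext=system_u:system_r:exampled_t tcontext=system_u:object_r:etc_t tclass=file
'''

AUDIT_ID = re.compile(r'msg=audit\((\d+\.\d+:\d+)\)')
AVC = re.compile(r'avc:\s+denied\s+\{([^}]*)\}.*?comm="([^"]*)".*?'
                 r'scontext=(\S+).*?tcontext=(\S+).*?tclass=(\S+)')
EXE = re.compile(r'\bexe="([^"]*)"')

def sel_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def unconfined_daemons(log_text, init_domain="initrc_t"):
    """Map (comm, exe) -> sorted [(perm, target_type, class)] for denials from init_domain."""
    exes, denials = {}, []
    for line in log_text.splitlines():
        event = AUDIT_ID.search(line)
        if not event:
            continue
        if line.startswith("type=SYSCALL"):
            exe = EXE.search(line)          # SYSCALL record carries the binary path
            if exe:
                exes[event.group(1)] = exe.group(1)
        elif line.startswith("type=AVC"):
            avc = AVC.search(line)
            if avc and sel_type(avc.group(3)) == init_domain:
                denials.append((event.group(1), avc))
    report = defaultdict(set)
    for event_id, avc in denials:           # join AVC to SYSCALL on the shared audit event id
        perms, comm, _, tcontext, tclass = avc.groups()
        for perm in perms.split():
            report[(comm, exes.get(event_id, "unknown"))].add((perm, sel_type(tcontext), tclass))
    return {key: sorted(items) for key, items in report.items()}

if __name__ == "__main__":
    for (comm, exe), items in unconfined_daemons(SAMPLE_LOG).items():
        for perm, ttype, tclass in items:
            print(f"{comm} ({exe}) runs in initrc_t: denied {perm} on {ttype}:{tclass}")
```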
Created attachment 165210
ebuild which installs the policy
Included in selinux-smartmon-20101213
Can we close this?
*** Bug 328303 has been marked as a duplicate of this bug. ***