openSUSE:infrastructure:monitoring
File _hardening.txt of Package prometheus-smartctl_exporter
The exporter must run as root because the underlying smartctl requires root access (see https://www.smartmontools.org/ticket/1064 for an explanation).

Instead of the upstream systemd unit file, a custom one with additional hardening options is used, on top of an AppArmor profile.

Notes:
- PrivateUsers cannot be used
- CAP_SYS_RAWIO is required for smartctl to read device attributes (SCSI commands / SG_IO)

Mysteries:
Why does ProtectClock=yes cause

  level=error msg="Device open failed, device did not return an IDENTIFY DEVICE structure, or device is in a low-power mode" device=sdX
  level=error msg="Smartctl open device: /dev/sdX failed: Operation not permitted"

on *some* hardware?
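Added example (not part of the package or its unit file): a small Python check that flags a unit's [Service] section when it conflicts with the notes above, including a later CapabilityBoundingSet= line that removes CAP_SYS_RAWIO again. The sample unit and the function names are constructed for illustration.

```python
# Added example; SAMPLE_UNIT is constructed, not the package's unit file.
SAMPLE_UNIT = """\
[Service]
CapabilityBoundingSet=CAP_SYS_RAWIO CAP_DAC_OVERRIDE
CapabilityBoundingSet=~CAP_SYS_RAWIO
PrivateUsers=yes
ProtectClock=yes
"""
TRUE = {"1", "yes", "y", "true", "t", "on"}  # systemd boolean spellings

def service_settings(text):
    """Collect [Service] keys; repeated keys accumulate, an empty value resets."""
    section, out = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line and line[0] not in "#;":
            key, value = (p.strip() for p in line.split("=", 1))
            out[key] = out.get(key, []) + [value] if value else []
    return out

def keeps_rawio(lines):
    """First CapabilityBoundingSet= line replaces the set; later lines merge
    (plain lists add capabilities, "~" lists remove them)."""
    kept = None
    for value in lines:
        invert = value.startswith("~")
        listed = "CAP_SYS_RAWIO" in value.lstrip("~").split()
        if kept is None:
            kept = listed != invert
        else:
            kept = (kept and not listed) if invert else (kept or listed)
    return bool(kept)

def check_unit(text):
    """Return findings where a unit conflicts with the notes above."""
    s = service_settings(text)
    last = lambda key, default: (s.get(key) or [default])[-1].lower()
    caps = s.get("CapabilityBoundingSet")  # None: bounding set left untouched
    checks = [
        (last("User", "root") not in ("root", "0"), "User: smartctl requires root"),
        (last("PrivateUsers", "no") in TRUE, "PrivateUsers: cannot be used"),
        (caps is not None and not keeps_rawio(caps), "CapabilityBoundingSet: CAP_SYS_RAWIO dropped"),
        (last("ProtectClock", "no") in TRUE, "ProtectClock: device open errors on some hardware"),
    ]
    return [msg for failed, msg in checks if failed]

if __name__ == "__main__":
    print("\n".join(check_unit(SAMPLE_UNIT)))
```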