Bug 236943
| Summary: | apcupsd cannot do network access | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Orion Poplawski <orion> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7 | CC: | dwalsh |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 2.6.4-42.fc7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-09-13 15:25:44 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Turns out I had my own (old) module already loaded. Pulled that and everything is okay. Scratch that. Running on F7 now and seeing the message again:
denied { create } for pid=17443 comm="apcupsd"
scontext=root:system_r:apcupsd_t:s0 tcontext=root:system_r:apcupsd_t:s0
tclass=udp_socket
Looks like it is doing dns lookup, I would guess. Adding this capability in selinux-policy-2.6.4-42.fc7.src.rpm Appears to be fixed. |
Description of problem: Trying to run apcupsd in client mode accessing a remote server and getting: Apr 18 10:19:22 saga kernel: audit(1176913162.748:569): avc: denied { create } for pid=3928 comm="apcupsd" scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:system_r:apcupsd_t:s0 tclass=udp_socket Apr 18 10:19:22 saga apcupsd[3928]: fetch_data: tcp_open failed for alexandria2 port 3551 Version-Release number of selected component (if applicable): 2.4.6-57.fc6 Code snippet. Presumably it is the socket command that is failing. /* Open a TCP socket */ if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { net_errmsg = "tcp_open: cannot open stream socket\n"; return -1; } /* connect to server */ #if defined HAVE_OPENBSD_OS || defined HAVE_FREEBSD_OS /* * Work around a bug in OpenBSD & FreeBSD userspace pthreads * implementations. Rationale is the same as described above. */ fcntl(sockfd, F_SETFL, fcntl(sockfd, F_GETFL)); #endif if (connect(sockfd, (struct sockaddr *)&tcp_serv_addr, sizeof(tcp_serv_addr)) < 0) { asnprintf(net_errbuf, sizeof(net_errbuf), _("tcp_open: cannot connect to server %s on port %d.\n" "ERR=%s\n"), host, port, strerror(errno)); net_errmsg = net_errbuf; close(sockfd); return -1; }