Description of problem: I am just running upsmon as a service and I am seeing that SELinux is denying it from doing it's job. SELinux is preventing /usr/sbin/upsmon from using the 'kill' capabilities. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that upsmon should have the kill capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep upsmon /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:nut_upsmon_t:s0 Target Context system_u:system_r:nut_upsmon_t:s0 Target Objects Unknown [ capability ] Source upsmon Source Path /usr/sbin/upsmon Port <Unknown> Host (removed) Source RPM Packages nut-client-2.7.3-2.fc22.x86_64 nut-2.7.3-2.fc22.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-128.18.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.2.3-200.fc22.x86_64 #1 SMP Thu Oct 8 03:23:55 UTC 2015 x86_64 x86_64 Alert Count 7 First Seen 2015-06-02 10:25:01 CDT Last Seen 2015-10-30 16:36:31 CDT Local ID b6fad42a-6e20-478b-9658-321458ef8d6b Raw Audit Messages type=AVC msg=audit(1446240991.65:1658): avc: denied { kill } for pid=9342 comm="upsmon" capability=5 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:system_r:nut_upsmon_t:s0 tclass=capability permissive=0 type=SYSCALL msg=audit(1446240991.65:1658): arch=x86_64 syscall=kill success=no exit=EPERM a0=50a a1=0 a2=0 a3=0 items=0 ppid=9095 pid=9342 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=upsmon exe=/usr/sbin/upsmon subj=system_u:system_r:nut_upsmon_t:s0 key=(null) Hash: upsmon,nut_upsmon_t,nut_upsmon_t,capability,kill Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.3-200.fc22.x86_64 type: libreport Potential duplicate: bug 1217266
Description of problem: The problem happens when upsmon is installed and executed when selinux is enabled. Version-Release number of selected component: selinux-policy-3.13.1-128.18.fc22.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.5-201.fc22.x86_64 type: libreport
I failed to reproduce the issue (the AVC doesn't show up without an UPS connected) and therefore couldn't test the fix. If the problem persists, please reopen this bug. https://github.com/fedora-selinux/selinux-policy/pull/84
selinux-policy-3.13.1-128.25.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-825869e1a4
selinux-policy-3.13.1-128.25.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-825869e1a4
selinux-policy-3.13.1-128.27.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab
selinux-policy-3.13.1-128.27.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab
selinux-policy-3.13.1-128.28.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab
selinux-policy-3.13.1-128.28.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab
selinux-policy-3.13.1-128.28.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.