2157175 – selinux denies apcupsd shutdown via logind

Bug 2157175 - selinux denies apcupsd shutdown via logind

Summary: selinux denies apcupsd shutdown via logind

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	37
Hardware:	Unspecified
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Zdenek Pytela
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-12-31 16:12 UTC by scott.robinson55
Modified:	2023-01-19 06:10 UTC (History)
CC List:	7 users (show)
Fixed In Version:	selinux-policy-37.18-1.fc37
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-01-19 06:10:48 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	fedora-selinux selinux-policy pull 1542	0	None	open	Allow apcupsd dbus chat with systemd-logind	2023-01-03 19:09:42 UTC

Description scott.robinson55 2022-12-31 16:12:40 UTC

Description of problem: During recent power outage, apcupsd failed to perform orderly shutdowm.

excerpt from logs:

Dec 29 08:38:26 minipc apcupsd[660]: Power failure.
Dec 29 08:38:32 minipc apcupsd[660]: Running on UPS batteries.
Dec 29 08:41:25 minipc apcupsd[660]: Battery power exhausted.
Dec 29 08:41:25 minipc apcupsd[660]: Initiating system shutdown!
Dec 29 08:41:25 minipc apcupsd[660]: User logins prohibited
Dec 29 08:41:25 minipc audit[516]: USER_AVC pid=516 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='
avc:  denied  { send_msg } for  scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus permissive=0#012 exe="/usr/bin/dbus-broker" sauid=81 hostname=? addr=? terminal=?'
Dec 29 08:41:25 minipc apcupsd[694]: Failed to set wall message, ignoring: Access denied
Dec 29 08:41:25 minipc audit[516]: USER_AVC pid=516 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for  scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus permissive=0#012 exe="/usr/bin/dbus-broker" sauid=81 hostname=? addr=? terminal=?'
Dec 29 08:41:25 minipc apcupsd[694]: Failed to halt system via logind: Access denied

Work around:
#]  semanage permissive -a apcupsd_t

Comment 1 Fedora Update System 2023-01-16 14:34:37 UTC

FEDORA-2023-e672cff7c6 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-e672cff7c6

Comment 2 Fedora Update System 2023-01-17 02:40:13 UTC

FEDORA-2023-e672cff7c6 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-e672cff7c6`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-e672cff7c6

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 3 Fedora Update System 2023-01-19 06:10:48 UTC

FEDORA-2023-e672cff7c6 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.