Bug 236943 - apcupsd cannot do network access
apcupsd cannot do network access
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
: Reopened
Depends On:
  Show dependency treegraph
Reported: 2007-04-18 12:28 EDT by Orion Poplawski
Modified: 2007-11-30 17:12 EST (History)
1 user (show)

See Also:
Fixed In Version: 2.6.4-42.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-09-13 11:25:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2007-04-18 12:28:50 EDT
Description of problem:

Trying to run apcupsd in client mode accessing a remote server and getting:

Apr 18 10:19:22 saga kernel: audit(1176913162.748:569): avc:  denied  { create }
for  pid=3928 comm="apcupsd" scontext=system_u:system_r:apcupsd_t:s0
tcontext=system_u:system_r:apcupsd_t:s0 tclass=udp_socket
Apr 18 10:19:22 saga apcupsd[3928]: fetch_data: tcp_open failed for alexandria2
port 3551

Version-Release number of selected component (if applicable):

Code snippet.  Presumably it is the socket command that is failing.

   /* Open a TCP socket */
   if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
      net_errmsg = "tcp_open: cannot open stream socket\n";
      return -1;

   /* connect to server */
#if defined HAVE_OPENBSD_OS || defined HAVE_FREEBSD_OS
    * Work around a bug in OpenBSD & FreeBSD userspace pthreads
    * implementations. Rationale is the same as described above.
   fcntl(sockfd, F_SETFL, fcntl(sockfd, F_GETFL));

   if (connect(sockfd, (struct sockaddr *)&tcp_serv_addr, sizeof(tcp_serv_addr))
< 0) {
      asnprintf(net_errbuf, sizeof(net_errbuf),
         _("tcp_open: cannot connect to server %s on port %d.\n"
        "ERR=%s\n"), host, port, strerror(errno));
      net_errmsg = net_errbuf;
      return -1;
Comment 1 Orion Poplawski 2007-04-18 12:39:18 EDT
Turns out I had my own (old) module already loaded.  Pulled that and everything
is okay.
Comment 2 Orion Poplawski 2007-09-05 11:51:02 EDT
Scratch that.  Running on F7 now and seeing the message again:

denied  { create } for  pid=17443 comm="apcupsd"
scontext=root:system_r:apcupsd_t:s0 tcontext=root:system_r:apcupsd_t:s0
Comment 3 Daniel Walsh 2007-09-10 10:53:07 EDT
Looks like it is doing dns lookup, I would guess.  Adding this capability in 

Comment 4 Orion Poplawski 2007-09-13 11:25:44 EDT
Appears to be fixed.

Note You need to log in before you can comment on or make changes to this bug.