Bug 240805 - selinux prevents apcupsd from starting
selinux prevents apcupsd from starting
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
6
All Linux
medium Severity high
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-05-21 16:34 EDT by Craig Goodyear
Modified: 2007-11-30 17:12 EST (History)
1 user (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-22 10:03:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Craig Goodyear 2007-05-21 16:34:44 EDT
Description of problem:
With selinux set to enforcing, apcupsd has a fatal error when
trying to start. 

Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-69.fc6
selinux-policy-targeted-2.4.6-69.fc6
apcupsd-3.12.4-5.fc6

How reproducible:
Every time.

Steps to Reproduce:
1. try to start apcupsd with selinux enforcing
  
Actual results:
apcupsd will not start

Expected results:
apcupsd should start

Additional info:
The APC UPS is connected through /dev/ttyS0 comm port.

with selinux enforcing the following is entered in
/var/log/messages:
May 21 14:46:28 itox apcupsd[3510]: apcupsd FATAL ERROR in
dumbsetup.c at line 53 Cannot open UPS port /dev/ttyS0: 
Permission denied 
May 21 14:46:28 itox apcupsd[3510]: apcupsd error shutdown completed

with selinux permissive the following is entered in
/var/log/messages:
May 21 14:50:03 itox apcupsd[3640]: apcupsd 3.12.4 (19 August 
2006) redhat startup succeeded
May 21 14:50:03 itox apcupsd[3640]: NIS server startup succeeded
Comment 1 Daniel Walsh 2007-05-22 09:35:25 EDT
Please attach the avc messages from /var/log/audit/audit.log.  

You might also want to install setroubleshoot.
Comment 2 Craig Goodyear 2007-05-22 12:17:27 EDT
Here are the avc messages generated:

May 22 11:05:20 itox kernel: audit(1179849920.498:17): avc: 
denied  { write } for  pid=16610 comm="apcupsd" name="[138631]" 
dev=pipefs ino=138631 scontext=system_u:system_r:apcupsd_t:s0
tcontext=system_u:system_r:unconfined_t:s0 tclass=fifo_file
May 22 11:05:20 itox kernel: audit(1179849920.499:18): avc: 
denied  { write } for  pid=16610 comm="apcupsd" name="[138631]" 
dev=pipefs ino=138631 scontext=system_u:system_r:apcupsd_t:s0
tcontext=system_u:system_r:unconfined_t:s0 tclass=fifo_file
Comment 3 Daniel Walsh 2007-08-14 07:14:49 EDT
Should be fixed in 	selinux-policy-2.4.6-80.fc6
Comment 4 Daniel Walsh 2007-08-22 10:03:02 EDT
Closed as all fixes are in the current release

Note You need to log in before you can comment on or make changes to this bug.