Description of problem: I have a simple-signalling (dumb) UPS connected to the external serial port /dev/ttyS0, apcupsd installed, and apcupsd selected in system-config-services. But apcupsd can't be started from there (if attempted, the status reads "apcupsd dead but pid file exists"), and it doesn't start automatically. The following appears in /var/log/messages: Jun 15 06:13:33 localhost apcupsd[8861]: apcupsd FATAL ERROR in dumbsetup.c at l ine 53 Cannot open UPS port /dev/ttyS0: Permission denied Jun 15 06:13:33 localhost apcupsd[8861]: apcupsd error shutdown completed However, apcupsd can be started from the command line as root, and appears to work normally after that. I have apcupsd.conf configured with the customized lines (yes, the cable is correctly specified, and this configuration has worked properly in past versions of Fedora): UPSCABLE 940-0023A UPSTYPE dumb DEVICE /dev/ttyS0 Version-Release number of selected component (if applicable): apcupsd-3.14.1-1.fc7 How reproducible: always
Should have specified that the UPS is an APC Back-UPS 650.
Same failure using "service apcupsd start" on the command line as root. However, "apcupsd" works fine.
I've changed the bug summary, as original title was misleading. Also should mention that "service apcupsd stop" works, so it's only in starting apcupsd that the init script fails.
It turns out that the PID file /var/run/apcupsd.pid, which is created by the apcupsd process itself, is created after "service apcupsd start", so apparently the apcupsd process DOES start from the init script, but almost immediately dies.
I can't reproduce myself. What's the output of ls -Z /dev/ttyS0? Also, try "restorecon -r -v /usr/sbin/apcupsd" and see what happens. Are there any avc denial messages in /var/log/messages? Note that I'm about to leave for vacation, so I won't be able to respond for a while. I'm adding Daniel Walsh to bug in case it does turn out to be an SELinux issue.
[root@localhost ~]# ls -Z /dev/ttyS0 crw-rw---- root uucp system_u:object_r:tty_device_t /dev/ttyS0 [root@localhost ~]# restorecon -r -v /usr/sbin/apcupsd [root@localhost ~]# After this, no change in behavior. I haven't made any manual changes in SELinux since I don't understand it. It's in the default Enforcing mode set at install time.
Also, the only error messages in /var/log/messages are the ones I posted above.
Look for messages in /var/log/audit/audit.log I am changing the policy in selinux-policy-targeted-2.6.4-17.fc7 to allow apcupsd to use tty.
Grepping for apcupsd in /var/log/audit/audit.log yields nothing.
With the latest selinux-policy*2.6.4-21* updates, apcupsd now starts and stays up at boot time, and with "service apcupsd start". When shutting down or rebooting, right after "Shutting down UPS monitoring:", it prints two multiline error messages involving "audit" and "avc". Unfortunately, they don't seem to be logged anywhere, either in /var/log/messages or /var/log/audit/audit.log. Other than that, everything seems fine now.
Nothing in dmesg?
Also does this happen on service apcupsd stop or just full system shutdown?
Nothing in dmesg either (although isn't that a subset of /var/log/messages? I've never seen anything in dmesg that wasn't in /var/log/messages). I don't get the error messages with "service apcupsd stop" either. They only appear on the console at shutdown or reboot. I could try capturing them with my digital camera if that would help, though they go by fairly fast and I'm not sure I can get a good image.
Perhaps you could try moving /etc/rc6.d/K99apcupsd to /etc/rc6.d/K87apcupsd so that it runs before syslogd and auditd are shutdown, and then do a reboot.
I tried your suggestion, but this time there were no error messages anywhere, either in the above mentioned log files, or on the console when shutting down UPS monitoring during reboot.
Created attachment 157940 [details] image of audit avc: denied messages when shutting down UPS monitoring on reboot/shutdown
Ok, I can't dontaudit those, but I actually think Orion's suggestion was correct. apcuostd should be shutdown before audit daemon.
Changed the summary title, since the fact that it's a dumb UPS had nothing to do with the problem.
After yesterday's updates, including selinux-policy*2.6.4-25.fc7, the audit avc: denied messages don't appear anymore on reboot/shutdown, even though /etc/rc6.d/K99apcupsd is still in the same place.
As far as I can tell, this bug is completely fixed. The avc: denied messages are still gone as of the latest selinux-policy*2.6.4-26.fc7 updates. Should I close this bug?
(In reply to comment #20) > As far as I can tell, this bug is completely fixed. The avc: denied messages > are still gone as of the latest selinux-policy*2.6.4-26.fc7 updates. Should I > close this bug? As a FC6 user, what SELinux policy change is required to allow apcupsd to be run from init? Thanks!