Description of problem:
I have a simple-signalling (dumb) UPS connected to the external serial port
/dev/ttyS0, apcupsd installed, and apcupsd selected in system-config-services.
But apcupsd can't be started from there (if attempted, the status reads "apcupsd
dead but pid file exists"), and it doesn't start automatically. The following
appears in /var/log/messages:
Jun 15 06:13:33 localhost apcupsd: apcupsd FATAL ERROR in dumbsetup.c at l
ine 53 Cannot open UPS port /dev/ttyS0: Permission denied
Jun 15 06:13:33 localhost apcupsd: apcupsd error shutdown completed
However, apcupsd can be started from the command line as root, and appears to
work normally after that. I have apcupsd.conf configured with the customized
lines (yes, the cable is correctly specified, and this configuration has worked
properly in past versions of Fedora):
Version-Release number of selected component (if applicable):
Should have specified that the UPS is an APC Back-UPS 650.
Same failure using "service apcupsd start" on the command line as root.
However, "apcupsd" works fine.
I've changed the bug summary, as original title was misleading. Also should
mention that "service apcupsd stop" works, so it's only in starting apcupsd that
the init script fails.
It turns out that the PID file /var/run/apcupsd.pid, which is created by the
apcupsd process itself, is created after "service apcupsd start", so apparently
the apcupsd process DOES start from the init script, but almost immediately dies.
I can't reproduce myself.
What's the output of ls -Z /dev/ttyS0?
Also, try "restorecon -r -v /usr/sbin/apcupsd" and see what happens.
Are there any avc denial messages in /var/log/messages?
Note that I'm about to leave for vacation, so I won't be able to respond for a
while. I'm adding Daniel Walsh to bug in case it does turn out to be an SELinux
[root@localhost ~]# ls -Z /dev/ttyS0
crw-rw---- root uucp system_u:object_r:tty_device_t /dev/ttyS0
[root@localhost ~]# restorecon -r -v /usr/sbin/apcupsd
After this, no change in behavior. I haven't made any manual changes in SELinux
since I don't understand it. It's in the default Enforcing mode set at install
Also, the only error messages in /var/log/messages are the ones I posted above.
Look for messages in /var/log/audit/audit.log
I am changing the policy in selinux-policy-targeted-2.6.4-17.fc7 to allow
apcupsd to use tty.
Grepping for apcupsd in /var/log/audit/audit.log yields nothing.
With the latest selinux-policy*2.6.4-21* updates, apcupsd now starts and stays
up at boot time, and with "service apcupsd start". When shutting down or
rebooting, right after "Shutting down UPS monitoring:", it prints two multiline
error messages involving "audit" and "avc". Unfortunately, they don't seem to
be logged anywhere, either in /var/log/messages or /var/log/audit/audit.log.
Other than that, everything seems fine now.
Nothing in dmesg?
Also does this happen on service apcupsd stop or just full system shutdown?
Nothing in dmesg either (although isn't that a subset of /var/log/messages?
I've never seen anything in dmesg that wasn't in /var/log/messages). I don't
get the error messages with "service apcupsd stop" either. They only appear on
the console at shutdown or reboot. I could try capturing them with my digital
camera if that would help, though they go by fairly fast and I'm not sure I can
get a good image.
Perhaps you could try moving /etc/rc6.d/K99apcupsd to /etc/rc6.d/K87apcupsd so
that it runs before syslogd and auditd are shutdown, and then do a reboot.
I tried your suggestion, but this time there were no error messages anywhere,
either in the above mentioned log files, or on the console when shutting down
UPS monitoring during reboot.
Created attachment 157940 [details]
image of audit avc: denied messages when shutting down UPS monitoring on reboot/shutdown
Ok, I can't dontaudit those, but I actually think Orion's suggestion was
correct. apcuostd should be shutdown before audit daemon.
Changed the summary title, since the fact that it's a dumb UPS had nothing to
do with the problem.
After yesterday's updates, including selinux-policy*2.6.4-25.fc7, the audit
avc: denied messages don't appear anymore on reboot/shutdown, even though
/etc/rc6.d/K99apcupsd is still in the same place.
As far as I can tell, this bug is completely fixed. The avc: denied messages
are still gone as of the latest selinux-policy*2.6.4-26.fc7 updates. Should I
close this bug?
(In reply to comment #20)
> As far as I can tell, this bug is completely fixed. The avc: denied messages
> are still gone as of the latest selinux-policy*2.6.4-26.fc7 updates. Should I
> close this bug?
As a FC6 user, what SELinux policy change is required to allow apcupsd to be run