Bug 244375 - apcupsd won't start from init script for UPS on external serial port
apcupsd won't start from init script for UPS on external serial port
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: apcupsd (Show other bugs)
7
All Linux
low Severity low
: ---
: ---
Assigned To: Orion Poplawski
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-15 06:19 EDT by Andre Robatino
Modified: 2007-11-30 17:12 EST (History)
2 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-07-13 07:08:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
image of audit avc: denied messages when shutting down UPS monitoring on reboot/shutdown (513.60 KB, image/jpeg)
2007-06-26 15:10 EDT, Andre Robatino
no flags Details

  None (edit)
Description Andre Robatino 2007-06-15 06:19:29 EDT
Description of problem:
  I have a simple-signalling (dumb) UPS connected to the external serial port
/dev/ttyS0, apcupsd installed, and apcupsd selected in system-config-services. 
But apcupsd can't be started from there (if attempted, the status reads "apcupsd
dead but pid file exists"), and it doesn't start automatically.  The following
appears in /var/log/messages:

Jun 15 06:13:33 localhost apcupsd[8861]: apcupsd FATAL ERROR in dumbsetup.c at l
ine 53 Cannot open UPS port /dev/ttyS0: Permission denied 
Jun 15 06:13:33 localhost apcupsd[8861]: apcupsd error shutdown completed

However, apcupsd can be started from the command line as root, and appears to
work normally after that.  I have apcupsd.conf configured with the customized
lines (yes, the cable is correctly specified, and this configuration has worked
properly in past versions of Fedora):

UPSCABLE 940-0023A
UPSTYPE dumb
DEVICE /dev/ttyS0

Version-Release number of selected component (if applicable):
apcupsd-3.14.1-1.fc7

How reproducible:
always
Comment 1 Andre Robatino 2007-06-15 06:20:33 EDT
  Should have specified that the UPS is an APC Back-UPS 650.
Comment 2 Andre Robatino 2007-06-15 07:00:08 EDT
  Same failure using "service apcupsd start" on the command line as root. 
However, "apcupsd" works fine.
Comment 3 Andre Robatino 2007-06-15 08:54:26 EDT
  I've changed the bug summary, as original title was misleading.  Also should
mention that "service apcupsd stop" works, so it's only in starting apcupsd that
the init script fails.
Comment 4 Andre Robatino 2007-06-15 09:27:12 EDT
  It turns out that the PID file /var/run/apcupsd.pid, which is created by the
apcupsd process itself, is created after "service apcupsd start", so apparently
the apcupsd process DOES start from the init script, but almost immediately dies.
Comment 5 Orion Poplawski 2007-06-15 13:50:47 EDT
I can't reproduce myself.

What's the output of ls -Z /dev/ttyS0?

Also, try "restorecon -r -v /usr/sbin/apcupsd" and see what happens.

Are there any avc denial messages in /var/log/messages?


Note that I'm about to leave for vacation, so I won't be able to respond for a
while.  I'm adding Daniel Walsh to bug in case it does turn out to be an SELinux
issue.

Comment 6 Andre Robatino 2007-06-15 15:01:48 EDT
[root@localhost ~]# ls -Z /dev/ttyS0
crw-rw----  root uucp system_u:object_r:tty_device_t   /dev/ttyS0
[root@localhost ~]# restorecon -r -v /usr/sbin/apcupsd
[root@localhost ~]#

After this, no change in behavior.  I haven't made any manual changes in SELinux
since I don't understand it.  It's in the default Enforcing mode set at install
time.
Comment 7 Andre Robatino 2007-06-15 16:58:01 EDT
  Also, the only error messages in /var/log/messages are the ones I posted above.
Comment 8 Daniel Walsh 2007-06-18 10:25:12 EDT
Look for messages in /var/log/audit/audit.log

I am changing the policy in selinux-policy-targeted-2.6.4-17.fc7 to allow
apcupsd to use tty. 
Comment 9 Andre Robatino 2007-06-18 10:47:50 EDT
  Grepping for apcupsd in /var/log/audit/audit.log yields nothing. 
Comment 10 Andre Robatino 2007-06-26 02:27:01 EDT
  With the latest selinux-policy*2.6.4-21* updates, apcupsd now starts and stays
up at boot time, and with "service apcupsd start".  When shutting down or
rebooting, right after "Shutting down UPS monitoring:", it prints two multiline
error messages involving "audit" and "avc".  Unfortunately, they don't seem to
be logged anywhere, either in /var/log/messages or /var/log/audit/audit.log. 
Other than that, everything seems fine now.
Comment 11 Daniel Walsh 2007-06-26 06:08:29 EDT
Nothing in dmesg?
Comment 12 Daniel Walsh 2007-06-26 06:09:07 EDT
Also does this happen on service apcupsd stop or just full system shutdown?
Comment 13 Andre Robatino 2007-06-26 06:36:54 EDT
  Nothing in dmesg either (although isn't that a subset of /var/log/messages? 
I've never seen anything in dmesg that wasn't in /var/log/messages).  I don't
get the error messages with "service apcupsd stop" either.  They only appear on
the console at shutdown or reboot.  I could try capturing them with my digital
camera if that would help, though they go by fairly fast and I'm not sure I can
get a good image.
Comment 14 Orion Poplawski 2007-06-26 12:09:50 EDT
Perhaps you could try moving /etc/rc6.d/K99apcupsd to /etc/rc6.d/K87apcupsd so
that it runs before syslogd and auditd are shutdown, and then do a reboot.
Comment 15 Andre Robatino 2007-06-26 12:23:39 EDT
  I tried your suggestion, but this time there were no error messages anywhere,
either in the above mentioned log files, or on the console when shutting down
UPS monitoring during reboot.
Comment 16 Andre Robatino 2007-06-26 15:10:20 EDT
Created attachment 157940 [details]
image of audit avc: denied messages when shutting down UPS monitoring on reboot/shutdown
Comment 17 Daniel Walsh 2007-06-27 08:30:10 EDT
Ok, I can't dontaudit those, but I actually think Orion's suggestion was
correct.  apcuostd should be shutdown before audit daemon.
Comment 18 Andre Robatino 2007-07-03 09:00:38 EDT
  Changed the summary title, since the fact that it's a dumb UPS had nothing to
do with the problem.
Comment 19 Andre Robatino 2007-07-07 10:54:37 EDT
  After yesterday's updates, including selinux-policy*2.6.4-25.fc7, the audit
avc: denied messages don't appear anymore on reboot/shutdown, even though
/etc/rc6.d/K99apcupsd is still in the same place.
Comment 20 Andre Robatino 2007-07-12 20:48:16 EDT
  As far as I can tell, this bug is completely fixed.  The avc: denied messages
are still gone as of the latest selinux-policy*2.6.4-26.fc7 updates.  Should I
close this bug?
Comment 21 Andrew Piziali 2007-08-27 17:00:44 EDT
(In reply to comment #20)

>   As far as I can tell, this bug is completely fixed.  The avc: denied messages
> are still gone as of the latest selinux-policy*2.6.4-26.fc7 updates.  Should I
> close this bug?

As a FC6 user, what SELinux policy change is required to allow apcupsd to be run
from init?

Thanks!

Note You need to log in before you can comment on or make changes to this bug.