Description of problem: SELinux prevents apcupsd from executing apccontrol in enforcing mode Version-Release number of selected component (if applicable): How reproducible: Every time Steps to Reproduce: 1. Hold the battery test button on your APC ups while running apcupsd and SELinux in enforcing mode. 2. Watch the apcupsd logs and sealert Actual results: Summary SELinux is preventing /usr/sbin/apcupsd (apcupsd_t) "execute" to apccontrol (bin_t). Source Context system_u:system_r:apcupsd_t Target Context system_u:object_r:bin_t Target Objects apccontrol [ file ] Affected RPM Packages apcupsd-3.14.1-1.fc7 [application] Policy RPM selinux-policy-2.6.4-14.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Platform Linux 2.6.21-1.3228.fc7 #1 SMP Tue Jun 12 14:56:37 EDT 2007 x86_64 x86_64 Alert Count 2 First Seen Sat 16 Jun 2007 12:27:04 PM CDT Last Seen Sat 16 Jun 2007 12:27:10 PM CDT Local ID f4619676-d470-40a1-ac84-97fabbc96456 Line Numbers Raw Audit Messages avc: denied { execute } for comm="apcupsd" dev=sda2 egid=0 euid=0 exe="/usr/sbin/apcupsd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="apccontrol" pid=7387 scontext=system_u:system_r:apcupsd_t:s0 sgid=0 subj=system_u:system_r:apcupsd_t:s0 suid=0 tclass=file tcontext=system_u:object_r:bin_t:s0 tty=(none) uid=0 Expected results: I know this has been a difficult area and that the maintainer of apcupsd is to be working on moving those executables out of /etc/apcupsd. Anyway, this occurred during a test of the battery. No tty messages were sent and I get a permission denied error for apccontrol, which means that if the power failed and the battery ran out, it wouldn't shut down the machine. I'm hoping we can get this to work as my power is a bit unreliable in the summer.
Fixed in current release.