libreport version: 2.0.8 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.1.5-1.fc16.i686.PAE reason: SELinux is preventing /sbin/apcupsd from read, write access on the chr_file ttyUSB0. time: Mi 14 Dez 2011 22:13:27 CET description: :SELinux is preventing /sbin/apcupsd from read, write access on the chr_file ttyUSB0. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that apcupsd should be allowed read write access on the ttyUSB0 chr_file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep apcupsd /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:apcupsd_t:s0 :Target Context system_u:object_r:usbtty_device_t:s0 :Target Objects ttyUSB0 [ chr_file ] :Source apcupsd :Source Path /sbin/apcupsd :Port <Unbekannt> :Host (removed) :Source RPM Packages apcupsd-3.14.10-1.fc16 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-64.fc16 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.1.5-1.fc16.i686.PAE #1 SMP : Fri Dec 9 18:02:46 UTC 2011 i686 i686 :Alert Count 12 :First Seen Fr 04 Nov 2011 17:39:35 CET :Last Seen Mi 14 Dez 2011 17:49:30 CET :Local ID a30b3959-5d0c-4d9e-b7f8-9e481262f301 : :Raw Audit Messages :type=AVC msg=audit(1323881370.176:144): avc: denied { read write } for pid=2357 comm="apcupsd" name="ttyUSB0" dev=devtmpfs ino=22293 scontext=system_u:system_r:apcupsd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file : : :type=SYSCALL msg=audit(1323881370.176:144): arch=i386 syscall=open success=no exit=EACCES a0=967f174 a1=902 a2=b a3=9687358 items=0 ppid=1 pid=2357 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=apcupsd exe=/sbin/apcupsd subj=system_u:system_r:apcupsd_t:s0 key=(null) : :Hash: apcupsd,apcupsd_t,usbtty_device_t,chr_file,read,write : :audit2allow : :#============= apcupsd_t ============== :allow apcupsd_t usbtty_device_t:chr_file { read write }; : :audit2allow -R : :#============= apcupsd_t ============== :allow apcupsd_t usbtty_device_t:chr_file { read write }; :
Should the apcupsd be allowed to talk to /dev/ttyUSB0?
Yes, apcupsd should be allowed to talk to /dev/ttyUSB0 by default. In many cases a UPS is connected to a computer using a serial cable. Nowadays serial ports are rather rare and often USB-serial adapters have to be used. In such cases, apcupsd has to cummunicate with the attached UPS via /dev/ttyUSB0 or /dev/ttyUSB1 etc.
Thanks for confirming.
Fixed in Rawhide, Miroslav please backport to RHEL6, F15, F16.
selinux-policy-3.10.0-74.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-74.fc16
Package selinux-policy-3.10.0-74.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-74.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-0983/selinux-policy-3.10.0-74.fc16 then log in and leave karma (feedback).
selinux-policy-3.10.0-74.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.