Looks like the current policies don't let acpid start due to the following AVCs: type=AVC msg=audit(1351519964.719:14328): avc: denied { create } for pid=27085 comm="acpid" ipaddr=50.56.228.64 scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:initrc_t tclass=netlink_socket type=SYSCALL msg=audit(1351519964.719:14328): arch=c000003e syscall=41 success=no exit=-13 a0=10 a1=80003 a2=10 a3=4000 items=0 ppid=27084 pid=27085 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1474 comm="acpid" exe="/usr/sbin/acpid" subj=system_u:system_r:initrc_t key=(null) type=AVC msg=audit(1351519964.719:14329): avc: denied { create } for pid=27085 comm="acpid" ipaddr=50.56.228.64 scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:initrc_t tclass=netlink_socket type=SYSCALL msg=audit(1351519964.719:14329): arch=c000003e syscall=41 success=no exit=-13 a0=10 a1=80003 a2=10 a3=a8ebddf2e2 items=0 ppid=27084 pid=27085 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1474 comm="acpid" exe="/usr/sbin/acpid" subj=system_u:system_r:initrc_t key=(null) type=AVC msg=audit(1351519964.719:14330): avc: denied { create } for pid=27085 comm="acpid" name="acpid.socket" ipaddr=50.56.228.64 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:var_run_t tclass=sock_file type=SYSCALL msg=audit(1351519964.719:14330): arch=c000003e syscall=49 success=no exit=-13 a0=5 a1=73bb30fbfc40 a2=6e a3=ffffff00 items=1 ppid=27084 pid=27085 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1474 comm="acpid" exe="/usr/sbin/acpid" subj=system_u:system_r:initrc_t key=(null) I'm curious as to why acpid runs in initrc_t when trying to create this socket as well. I assume it's because there is no acpid policy yet? Would it make sense to create a policy for acpid? If so let me know and I'll whip one together; otherwise, I'll continue to help troubleshoot why this isn't starting (beyond the socket creation). Reproducible: Always
The acpi daemon should be handled by the apm module
You are correct sir. In that case it looks like acpid simply needs to depend on selinux-apm. It works correctly with that module loaded.
Thanks; I added selinux-apm as a dependency to acpid.