Bug 1301319
| Summary: | VPN (strongswan) only connects when NetworkManager is started in debug mode | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jan Doumont <jan.doumont> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | | |
| Version: | 23 | CC: | blueowl, dominick.grift, dwalsh, lkundrak, lvrabec, mgrepl, plautrba |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | selinux-policy-3.13.1-158.8.fc23 selinux-policy-3.13.1-158.9.fc23 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-03-05 06:22:45 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Description
Jan Doumont
2016-01-24 03:25:02 UTC

Would you include NetworkManager logs for both the successful and the failing case? You should be able to get the logs using journalctl.

# journalctl -b 0 -u NetworkManager

Created attachment 1118337
Output of journalctl for failed connection

Created attachment 1118338
log for successful connection

Created attachment 1118339
SELinux audit.log, grepped for 'charon-nm'

I looked at the logs and uploaded them here. For some reason (not sure why; might be connected to my attempts at installing custom policies into selinux), I couldn't get it working in the debug mode of NetworkManager anymore either. But, it is quite evident from the logs that SELinux is to blame. So I included on top of journalctl logs for NetworkManager, also audit.log, grepped for the suspect process 'charon-nm'. For clarity, the successful connection and the audit.log are acquired after setting SELinux to 'permissive'.

commit 8fd6f85a0fb7b7247b7c408dc378ca3164f6bf85
Author: Lukas Vrabec <lvrabec>
Date: Thu Feb 25 17:33:09 2016 +0100

    Allow ipsec to read home certs, when connecting to VPN. rhbz#1301319

selinux-policy-3.13.1-158.9.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffbae3a870

selinux-policy-3.13.1-158.9.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffbae3a870

selinux-policy-3.13.1-158.9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
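
The triage step mentioned in the thread, grepping audit.log for 'charon-nm', can be taken one step further by grouping the AVC records by source type, target type and class. This is an added example and not part of the bug report: the function names and the sample records (including the ipsec_t and home_cert_t types and the file names) are constructed for illustration and are not the contents of the attachments.

```sh
#!/bin/sh
# Constructed AVC records in audit.log layout; NOT taken from the bug's attachments.
# permissive=1 means the access was logged but still allowed.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1453605000.101:501): avc:  denied  { read } for  pid=2101 comm="charon-nm" name="client.pem" dev="dm-1" ino=1001 scontext=system_u:system_r:ipsec_t:s0 tcontext=unconfined_u:object_r:home_cert_t:s0 tclass=file permissive=1
type=AVC msg=audit(1453605000.102:502): avc:  denied  { open } for  pid=2101 comm="charon-nm" path="/home/user/.cert/client.pem" dev="dm-1" ino=1001 scontext=system_u:system_r:ipsec_t:s0 tcontext=unconfined_u:object_r:home_cert_t:s0 tclass=file permissive=1
type=AVC msg=audit(1453605000.103:503): avc:  denied  { search } for  pid=2101 comm="charon-nm" name=".cert" dev="dm-1" ino=1000 scontext=system_u:system_r:ipsec_t:s0 tcontext=unconfined_u:object_r:home_cert_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1453605000.104:504): avc:  denied  { read } for  pid=2200 comm="other-daemon" name="x" dev="dm-1" ino=1002 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1453605000.101:501): arch=c000003e syscall=2 success=yes comm="charon-nm"
EOF
}

# avc_summary COMM: read audit records on stdin and print, per (source type,
# target type, class, mode), the merged set of permissions denied to command COMM.
# Assumption: a record without permissive=1 is treated as enforcing.
avc_summary() {
    awk -v comm="$1" '
    BEGIN { want = "comm=\"" comm "\"" }
    # Only AVC records count; a plain grep for the name also matches SYSCALL lines.
    $1 == "type=AVC" && index($0, want) {
        src = tgt = cls = perms = ""; mode = "enforcing"; inside = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inside = 1; continue }
            if ($i == "}") { inside = 0; continue }
            if (inside) { perms = perms " " $i; continue }
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/) cls = substr($i, 8)
            else if ($i == "permissive=1") mode = "permissive"
        }
        key = src " " tgt ":" cls " " mode
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++)
            if (!((key, p[j]) in seen)) {
                seen[key, p[j]] = 1
                list[key] = (list[key] == "" ? "" : list[key] " ") p[j]
            }
    }
    END { for (k in list) print k " { " list[k] " }" }' | sort
}

sample_audit_log | avc_summary charon-nm
```

Collecting the records with SELinux in permissive mode, as the reporter did, gives the full set in one run, because in enforcing mode a process usually stops at its first denial.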