Bug 1315700
| Summary: | Libreswan XAUTH server mode uses pam | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Tuomo Soini <tis> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 7.2 | CC: | lvrabec, mgrepl, mmalik, plautrba, pvrabec, pwouters, ssekidde, tis |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | selinux-policy-3.13.1-66.el7 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 1317988 | Environment: | |
| Last Closed: | 2016-11-04 02:44:22 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Could you attach also raw AVC msgs? Thank you.

I did. Check the patch.

It makes sense. We will add it also in RHEL-6.

commit dfab3e8e16abbdbdf1d5b97675ad1668e785884e
Author: Lukas Vrabec <lvrabec>
Date: Wed Mar 16 10:53:34 2016 +0100
Allow ipsec to use pam.
Resolves: rhbz#1315700

This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2283.html

Created attachment 1134146
Proposed fix for selinux policy with AVCs caused by problem.

Libreswan XAUTH server mode uses pam but selinux policy doesn't allow that. Attached patch lists AVCs caused by that and fix for PAM auth problem.