Bug 2346352

Summary: SELinux denies nm-ssh-service
Product: [Fedora] Fedora
Reporter: Andrea Oliveri <oliveriandrea>
Component: NetworkManager-ssh
Assignee: Dan Fruehauf <malkodan>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: 41
CC: echevemaster, malkodan
Hardware: x86_64
OS: Linux
Last Closed: 2025-03-21 05:42:35 UTC

Description Andrea Oliveri 2025-02-18 20:18:19 UTC
Hi,
I have created a NetworkManager-SSH VPN connection using the GNOME graphical interface, but when I start the VPN I receive different SELinux denials that do not permit the VPN to start.

```
type=AVC msg=audit(1739909056.441:1243): avc:  denied  { dac_override } for  pid=95398 comm="nm-ssh-service" capability=1  scontext=system_u:system_r:NetworkManager_ssh_t:s0 tcontext=system_u:system_r:NetworkManager_ssh_t:s0 tclass=capability permissive=0
```

```
type=AVC msg=audit(1739909188.631:1268): avc:  denied  { execute_no_trans } for  pid=95846 comm="nm-ssh-service" path="/usr/bin/ssh" dev="nvme0n1p4" ino=248310 scontext=system_u:system_r:NetworkManager_ssh_t:s0 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=file permissive=0
```

Reproducible: Always
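
Added example (not part of the original report or of the NetworkManager-ssh project): a small Python parser for the two AVC records quoted above, reducing each to its access vector (source type, target type, class, permissions) and decoding the audit timestamp. The names `parse_avc` and `access_vector` are hypothetical; writing the target as `self` when source and target types match follows the notation `audit2allow` prints.

```python
import re
from datetime import datetime, timezone

# The two AVC records quoted in the bug description, copied verbatim.
SAMPLE = [
    'type=AVC msg=audit(1739909056.441:1243): avc:  denied  { dac_override } for  pid=95398 comm="nm-ssh-service" capability=1  scontext=system_u:system_r:NetworkManager_ssh_t:s0 tcontext=system_u:system_r:NetworkManager_ssh_t:s0 tclass=capability permissive=0',
    'type=AVC msg=audit(1739909188.631:1268): avc:  denied  { execute_no_trans } for  pid=95846 comm="nm-ssh-service" path="/usr/bin/ssh" dev="nvme0n1p4" ino=248310 scontext=system_u:system_r:NetworkManager_ssh_t:s0 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=file permissive=0',
]

# audit(<epoch>.<ms>:<serial>), the verdict, the permission set, then key=value pairs.
HEADER = re.compile(
    r'type=AVC msg=audit\((\d+)\.\d+:(\d+)\): avc:\s+(denied|granted)\s+'
    r'\{ ([^}]*)\} for\s+(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Parse one AVC audit record into a dict, or return None if it is not one."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    secs, serial, verdict, perms, rest = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated record
    return {
        "time": datetime.fromtimestamp(int(secs), tz=timezone.utc).isoformat(),
        "serial": int(serial),
        "verdict": verdict,
        "perms": perms.split(),
        # SELinux contexts are user:role:type:level; the type drives policy decisions.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "enforced": fields.get("permissive") == "0",  # permissive=0: the denial was enforced
        "comm": fields.get("comm"),
        "path": fields.get("path"),
    }

def access_vector(rec):
    """Render the denied access as 'source target:class { perms }'."""
    target = "self" if rec["source_type"] == rec["target_type"] else rec["target_type"]
    return f'{rec["source_type"]} {target}:{rec["tclass"]} {{ {" ".join(rec["perms"])} }}'

if __name__ == "__main__":
    for rec in map(parse_avc, SAMPLE):
        print(rec["time"], rec["comm"], rec["verdict"], access_vector(rec), rec["path"] or "")
```

The first record is the `NetworkManager_ssh_t` domain being denied a capability on itself; the second is that domain being denied execution of a file labelled `ssh_exec_t` without a domain transition.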

Comment 1 Dan Fruehauf 2025-02-28 08:47:48 UTC
Hi Andrea, I believe this is a duplicate of 2316915. Would you be able to confirm that?

It is a known problem to me, but I also have limited understanding of SELinux. I'm hoping to try and put some work into it this weekend.

Comment 2 Andrea Oliveri 2025-03-19 17:51:05 UTC
Sorry for the very late reply. 
Maybe it's the same problem, I'm not completely sure.

Comment 3 Dan Fruehauf 2025-03-21 05:42:35 UTC
I'll mark it as a dup of https://bugzilla.redhat.com/show_bug.cgi?id=2316915

If you feel this is unjust, please feel free to reopen this one, or open a new bug report.

*** This bug has been marked as a duplicate of bug 2316915 ***