Bug 465666

Summary: NetworkManager-pptp doesn't work with NetworkManager-0.7.0-0.11.svn4022.4
Product: [Fedora] Fedora Reporter: Hervé Rilos <herve.rilos>
Component: selinux-policyAssignee: Lubomir Rintel <lkundrak>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: medium    
Version: 9CC: dcbw, dwalsh, jkubin, lkundrak, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-10-30 17:35:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hervé Rilos 2008-10-05 11:57:32 UTC 
Description of problem:
NetworkManager failed to connect to my PPTP VPN. In /var/log/message : 
"Failed to execute child process "/usr/sbin/pppd" (Permission denied)
<WARN>  connection_state_changed(): Could not process the request because no VPN connection was active"

Version-Release number of selected component (if applicable):
0.7.0-0.10.svn4027

How reproducible:
Always

Steps to Reproduce:
1. Select a pptp VPN in network manager to connect to.
  
Actual results:
The NetworkManager applet show a message saying the connection cannot be established 

Expected results:
Connect successfully to the VPN as before

Additional info:
Setuid pppd doesn't help.
Comment 1 Lubomir Rintel 2008-10-05 18:36:11 UTC 
Hm, I'm wondering if you can paste the output of the following commands here:

1.) ls -l /usr/sbin/pppd
2.) rpm -Vf /usr/sbin/pppd
3.) egrep 'pptp|ppp' /var/log/audit/audit.log
Comment 2 Hervé Rilos 2008-10-06 07:53:23 UTC 
Sure I can :

[root@mel ~]# ls -l /usr/sbin/pppd
-r-xr-xr-x 1 root root 318024 mai 13 11:13 /usr/sbin/pppd

[root@mel ~]# rpm -Vf /usr/sbin/pppd
S.5....T  c /etc/ppp/chap-secrets
S.5....T  c /etc/ppp/pap-secrets

[root@mel ~]# egrep 'pptp|ppp' /var/log/audit/audit.log 
type=AVC msg=audit(1223203645.948:126): avc:  denied  { execute } for  pid=4276 comm="nm-pptp-service" name="pppd" dev=sda5 ino=391681 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223203645.948:126): arch=40000003 syscall=11 success=no exit=-13 a0=9cff5d8 a1=9d08a58 a2=bfc5f24c a3=9cff5d8 items=0 ppid=4275 pid=4276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223203665.058:136): avc:  denied  { execute } for  pid=4293 comm="nm-pptp-service" name="pppd" dev=sda5 ino=391681 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223203665.058:136): arch=40000003 syscall=11 success=no exit=-13 a0=85d45d8 a1=85dda58 a2=bfaa908c a3=85d45d8 items=0 ppid=4292 pid=4293 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223203679.676:137): avc:  denied  { execute } for  pid=4307 comm="nm-pptp-service" name="pppd" dev=sda5 ino=391681 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223203679.676:137): arch=40000003 syscall=11 success=no exit=-13 a0=85fe480 a1=85fe6d0 a2=bfe093fc a3=85fe480 items=0 ppid=4306 pid=4307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223203920.244:138): avc:  denied  { execute } for  pid=4499 comm="nm-pptp-service" name="pppd" dev=sda5 ino=391681 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223203920.244:138): arch=40000003 syscall=11 success=no exit=-13 a0=8b79be0 a1=8b7b3f0 a2=bfbcf69c a3=8b79be0 items=0 ppid=4496 pid=4499 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223204106.327:139): avc:  denied  { execute } for  pid=4729 comm="nm-pptp-service" name="pppd" dev=sda5 ino=391681 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223204106.327:139): arch=40000003 syscall=11 success=no exit=-13 a0=80ff458 a1=81052b0 a2=bfe4c98c a3=80ff458 items=0 ppid=4726 pid=4729 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223204202.002:140): avc:  denied  { execute } for  pid=4821 comm="nm-pptp-service" name="pppd" dev=sda5 ino=391681 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223204202.002:140): arch=40000003 syscall=11 success=no exit=-13 a0=9c73480 a1=9c736d0 a2=bfcb334c a3=9c73480 items=0 ppid=4820 pid=4821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223204259.840:141): avc:  denied  { execute } for  pid=4961 comm="nm-pptp-service" name="pppd" dev=sda5 ino=391681 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223204259.840:141): arch=40000003 syscall=11 success=no exit=-13 a0=9dbebe0 a1=9dc03f0 a2=bfab8c4c a3=9dbebe0 items=0 ppid=4954 pid=4961 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223204350.231:142): avc:  denied  { execute } for  pid=5112 comm="nm-pptp-service" name="pppd" dev=sda5 ino=391681 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223204350.231:142): arch=40000003 syscall=11 success=no exit=-13 a0=8255530 a1=825ea18 a2=bfbc89cc a3=8255530 items=0 ppid=5105 pid=5112 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223205014.417:149): avc:  denied  { execute } for  pid=5629 comm="nm-pptp-service" name="pppd" dev=sda5 ino=437773 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223205014.417:149): arch=40000003 syscall=11 success=no exit=-13 a0=9aea480 a1=9aea6d0 a2=bfc5b2fc a3=9aea480 items=0 ppid=5628 pid=5629 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223205078.119:150): avc:  denied  { execute } for  pid=5677 comm="nm-pptp-service" name="pppd" dev=sda5 ino=437773 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223205078.119:150): arch=40000003 syscall=11 success=no exit=-13 a0=8a3d5d8 a1=8a46a58 a2=bfadae7c a3=8a3d5d8 items=0 ppid=5676 pid=5677 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223205540.806:163): avc:  denied  { execute } for  pid=6090 comm="nm-pptp-service" name="pppd" dev=sda5 ino=437765 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223205540.806:163): arch=40000003 syscall=11 success=no exit=-13 a0=93c41e0 a1=93c44e0 a2=bfce154c a3=93c41e0 items=0 ppid=6089 pid=6090 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223207626.220:164): avc:  denied  { execute } for  pid=7605 comm="nm-pptp-service" name="pppd" dev=sda5 ino=437765 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223207626.220:164): arch=40000003 syscall=11 success=no exit=-13 a0=82ab480 a1=82ab6d0 a2=bfab895c a3=82ab480 items=0 ppid=7604 pid=7605 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223207669.499:165): avc:  denied  { execute } for  pid=7639 comm="nm-pptp-service" name="pppd" dev=sda5 ino=437765 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223207669.499:165): arch=40000003 syscall=11 success=no exit=-13 a0=80dc480 a1=80dc6d0 a2=bf8da77c a3=80dc480 items=0 ppid=7638 pid=7639 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223207703.489:166): avc:  denied  { execute } for  pid=7661 comm="nm-pptp-service" name="pppd" dev=sda5 ino=437765 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223207703.489:166): arch=40000003 syscall=11 success=no exit=-13 a0=9140480 a1=91406d0 a2=bfac696c a3=9140480 items=0 ppid=7660 pid=7661 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1223207712.122:167): avc:  denied  { execute } for  pid=7671 comm="nm-pptp-service" name="pppd" dev=sda5 ino=437765 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1223207712.122:167): arch=40000003 syscall=11 success=no exit=-13 a0=913f390 a1=9138af8 a2=bfac696c a3=913f390 items=0 ppid=7660 pid=7671 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="nm-pptp-service" exe="/usr/libexec/nm-pptp-service" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)

Thanks.
Comment 3 Dan Williams 2008-10-06 15:46:54 UTC 
Are you running SELinux in enforcing mode?  Resurrection of the pptp plugin is new enough that we may need to fix up the SELinux policy to make sure things work smoothly.
Comment 4 Hervé Rilos 2008-10-07 06:27:33 UTC 
Yes, I was running SELinux in enforcing mode. Switching to permissive made the trick. Thanks for your help.
Comment 5 Lubomir Rintel 2008-10-07 17:12:44 UTC 
Please grep the AVC denials from your audit.log again when in permissive mode so that we can see what does pptp need to be permitted to work in enforcing mode.

Thanks
Comment 6 Hervé Rilos 2008-10-07 19:03:25 UTC 
The requested logs :

type=AVC msg=audit(1223405882.183:612): avc:  denied  { execute } for  pid=7524 comm="nm-pptp-service" name="pppd" dev=sda5 ino=437765 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=AVC msg=audit(1223405882.183:612): avc:  denied  { read } for  pid=7524 comm="nm-pptp-service" name="pppd" dev=sda5 ino=437765 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=AVC msg=audit(1223405882.183:612): avc:  denied  { execute_no_trans } for  pid=7524 comm="nm-pptp-service" path="/usr/sbin/pppd" dev=sda5 ino=437765 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
type=AVC msg=audit(1223405882.190:613): avc:  denied  { read } for  pid=7524 comm="pppd" name="options" dev=sda5 ino=1226018 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=file
type=AVC msg=audit(1223405882.190:614): avc:  denied  { getattr } for  pid=7524 comm="pppd" path="/etc/ppp/options" dev=sda5 ino=1226018 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=file
type=AVC msg=audit(1223405882.203:615): avc:  denied  { read write } for  pid=7524 comm="pppd" name="ppp" dev=tmpfs ino=1916 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:ppp_device_t:s0 tclass=chr_file
type=AVC msg=audit(1223405882.203:616): avc:  denied  { write } for  pid=7524 comm="pppd" name="pppd2.tdb" dev=sda5 ino=549671 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_var_run_t:s0 tclass=file
type=AVC msg=audit(1223405882.204:617): avc:  denied  { read write } for  pid=7524 comm="pppd" name="ptmx" dev=tmpfs ino=247 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:ptmx_t:s0 tclass=chr_file
type=AVC msg=audit(1223405882.205:618): avc:  denied  { ioctl } for  pid=7524 comm="pppd" path="/dev/ptmx" dev=tmpfs ino=247 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:ptmx_t:s0 tclass=chr_file
type=AVC msg=audit(1223405882.206:619): avc:  denied  { setattr } for  pid=7524 comm="pppd" name="2" dev=devpts ino=4 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1223405882.207:620): avc:  denied  { ioctl } for  pid=7524 comm="pppd" path="/dev/ppp" dev=tmpfs ino=1916 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:ppp_device_t:s0 tclass=chr_file
type=AVC msg=audit(1223405882.213:621): avc:  denied  { execute } for  pid=7525 comm="sh" name="pptp" dev=sda5 ino=435849 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pptp_exec_t:s0 tclass=file
type=AVC msg=audit(1223405882.213:621): avc:  denied  { read } for  pid=7525 comm="sh" name="pptp" dev=sda5 ino=435849 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pptp_exec_t:s0 tclass=file
type=AVC msg=audit(1223405882.213:621): avc:  denied  { execute_no_trans } for  pid=7525 comm="sh" path="/usr/sbin/pptp" dev=sda5 ino=435849 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pptp_exec_t:s0 tclass=file
type=AVC msg=audit(1223405882.222:622): avc:  denied  { create } for  pid=7525 comm="pptp" scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:system_r:NetworkManager_t:s0 tclass=rawip_socket
type=AVC msg=audit(1223405882.222:623): avc:  denied  { connect } for  pid=7525 comm="pptp" lport=47 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:system_r:NetworkManager_t:s0 tclass=rawip_socket
type=AVC msg=audit(1223405882.223:624): avc:  denied  { search } for  pid=7525 comm="pptp" name="pptp" dev=sda5 ino=767648 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pptp_var_run_t:s0 tclass=dir
type=AVC msg=audit(1223405882.302:625): avc:  denied  { getattr } for  pid=7529 comm="pptp" path="/var/run/pptp" dev=sda5 ino=767648 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pptp_var_run_t:s0 tclass=dir
type=AVC msg=audit(1223405882.302:626): avc:  denied  { write } for  pid=7529 comm="pptp" name="pptp" dev=sda5 ino=767648 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pptp_var_run_t:s0 tclass=dir
type=AVC msg=audit(1223405882.302:626): avc:  denied  { add_name } for  pid=7529 comm="pptp" name="255.255.255.255:82.233.39.160" scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pptp_var_run_t:s0 tclass=dir
type=AVC msg=audit(1223405882.302:626): avc:  denied  { create } for  pid=7529 comm="pptp" name="255.255.255.255:82.233.39.160" scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:pptp_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1223405882.302:627): avc:  denied  { setattr } for  pid=7529 comm="pptp" name="255.255.255.255:82.233.39.160" dev=sda5 ino=767596 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:pptp_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1223405883.303:628): avc:  denied  { write } for  pid=7525 comm="pptp" name="255.255.255.255:82.233.39.160" dev=sda5 ino=767596 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:pptp_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1223405883.303:628): avc:  denied  { connectto } for  pid=7525 comm="pptp" path="/var/run/pptp/255.255.255.255:82.233.39.160" scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:system_r:NetworkManager_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1223405883.385:629): avc:  denied  { write } for  pid=7525 comm="pptpgw" path="socket:[1664303]" dev=sockfs ino=1664303 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:system_r:NetworkManager_t:s0 tclass=rawip_socket
type=AVC msg=audit(1223405883.441:630): avc:  denied  { read } for  pid=7525 comm="pptpgw" path="socket:[1664303]" dev=sockfs ino=1664303 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:system_r:NetworkManager_t:s0 tclass=rawip_socket
type=AVC msg=audit(1223405883.877:631): avc:  denied  { search } for  pid=7524 comm="pppd" name="ppp" dev=sda5 ino=546806 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_var_run_t:s0 tclass=dir
type=AVC msg=audit(1223405883.877:631): avc:  denied  { write } for  pid=7524 comm="pppd" name="resolv.conf" dev=sda5 ino=549731 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:pppd_var_run_t:s0 tclass=file

Ask if you need something else.
Thanks.
Comment 7 Dan Williams 2008-10-30 03:15:45 UTC 
Dan: some parts of this probably got fixed; not sure if the one for nm-pptp-service execing pppd has been though.  Thanks!
Comment 8 Daniel Walsh 2008-10-30 17:35:35 UTC 
Most of this should be fixed in selinux-policy-3.3.1-103.fc9

Please reopen if you still have problems.