Bug 470214
| Summary: | SELinux prevents vpnc to read /proc/sys/crypto/fips_enabled and makes vpnc crash | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matěj Cepl <mcepl> | ||||
| Component: | vpnc | Assignee: | Tomas Mraz <tmraz> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | rawhide | CC: | dwalsh, mcepl, tmraz, wtogami | ||||
| Target Milestone: | --- | Keywords: | SELinux | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2008-11-06 13:56:21 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Fixed in selinux-policy-3.5.13-17.fc10 |
Created attachment 322684 [details] /var/log/audit/audit.log Description of problem: [root@hubmaier ~]# vpnc FATAL: error reading `/proc/sys/crypto/fips_enabled' in libgcrypt: Permission denied Neoprávněný přístup do paměti (SIGSEGV) [root@hubmaier ~]# ls -lZ /proc/sys/crypto/ -r--r--r-- root root ? fips_enabled [root@hubmaier ~]# ausearch -m AVC -ts today |grep vpnc|audit2allow module vpncFips 1.0; require { type vpnc_t; type sysctl_t; type user_home_dir_t; class process signal; class file read; class dir write; } #============= vpnc_t ============== allow vpnc_t self:process signal; allow vpnc_t sysctl_t:file read; allow vpnc_t user_home_dir_t:dir write; [root@hubmaier ~]# Version-Release number of selected component (if applicable): selinux-policy-targeted-3.5.13-11.fc10.noarch vpnc-0.5.1-6.fc10.x86_64 How reproducible: 100% Steps to Reproduce: 1.see above 2. 3. Actual results: crash (which is another problem which will be filed separately) because SELinux makes problems. Expected results: vpnc connected Additional info: