Bug 470214
Summary: | SELinux prevents vpnc to read /proc/sys/crypto/fips_enabled and makes vpnc crash | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Matěj Cepl <mcepl> | ||||
Component: | vpnc | Assignee: | Tomas Mraz <tmraz> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | rawhide | CC: | dwalsh, mcepl, tmraz, wtogami | ||||
Target Milestone: | --- | Keywords: | SELinux | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-11-06 13:56:21 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Fixed in selinux-policy-3.5.13-17.fc10 |
Created attachment 322684 [details] /var/log/audit/audit.log Description of problem: [root@hubmaier ~]# vpnc FATAL: error reading `/proc/sys/crypto/fips_enabled' in libgcrypt: Permission denied Neoprávněný přístup do paměti (SIGSEGV) [root@hubmaier ~]# ls -lZ /proc/sys/crypto/ -r--r--r-- root root ? fips_enabled [root@hubmaier ~]# ausearch -m AVC -ts today |grep vpnc|audit2allow module vpncFips 1.0; require { type vpnc_t; type sysctl_t; type user_home_dir_t; class process signal; class file read; class dir write; } #============= vpnc_t ============== allow vpnc_t self:process signal; allow vpnc_t sysctl_t:file read; allow vpnc_t user_home_dir_t:dir write; [root@hubmaier ~]# Version-Release number of selected component (if applicable): selinux-policy-targeted-3.5.13-11.fc10.noarch vpnc-0.5.1-6.fc10.x86_64 How reproducible: 100% Steps to Reproduce: 1.see above 2. 3. Actual results: crash (which is another problem which will be filed separately) because SELinux makes problems. Expected results: vpnc connected Additional info: