Bug 834861
| Field | Value |
|---|---|
| Summary | SELinux is preventing xl2tpd from 'execute' accesses on the file /usr/libexec/pt_chown. |
| Product | [Fedora] Fedora |
| Component | xl2tpd |
| Version | 17 |
| Hardware | i686 |
| OS | Unspecified |
| Status | CLOSED ERRATA |
| Severity | unspecified |
| Priority | unspecified |
| Reporter | ManFree <roman_romul> |
| Assignee | Paul Wouters <pwouters> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | dominick.grift, dwalsh, mgrepl, pwouters |
| Whiteboard | abrt_hash:57ccf69d3a7656140feabec0fb368e0eab791b63c45f9da3a2e2892557a6bc4e |
| Doc Type | Bug Fix |
| Last Closed | 2012-07-21 22:50:04 UTC |

Description
ManFree
2012-06-24 10:56:02 UTC
Paul does this make sense to you? pt_chown is only called if devpts devices are created with the wrong ownership/permissions.

It's coming in through xl2tpd's pty.c:

    /* change the ownership */
    if (grantpt(fd))
    {
        l2tp_log (LOG_WARNING, "%s: unable to grantpt() on pty\n", __FUNCTION__);
        close(fd);
        return -EINVAL;
    }

I'm not sure why this is needed, as the pppd's run as root since there are no other system users. It does set the gid to "tty", but I don't think that really matters.

I tested xl2tpd with the above code section removed, and the IPsec/L2TP tunnel worked fine. So I think this is mostly historic and can be removed.

xl2tpd and pppd work as root. I would just make sure that the pty is not too loose, i.e. can a general user access the PTY?

    crw--w----. 1 root tty 136, 1 Jun 26 21:45 /dev/pts/1

Seems fine to me?

Then it looks good.

xl2tpd-1.3.1-9.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/xl2tpd-1.3.1-9.fc17

Package xl2tpd-1.3.1-9.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.

Update it with:

    # su -c 'yum update --enablerepo=updates-testing xl2tpd-1.3.1-9.fc17'

as soon as you are able to. Please go to the following URL:
https://admin.fedoraproject.org/updates/FEDORA-2012-10527/xl2tpd-1.3.1-9.fc17
then log in and leave karma (feedback).

xl2tpd-1.3.1-9.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

xl2tpd-1.3.1-5.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/xl2tpd-1.3.1-5.el6