Bug 860087
| Summary: | Update SELinux policies for pppd | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Michal Bruncko <michal.bruncko> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Michal Trunecka <mtruneck> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.5 | CC: | dwalsh, ebenes, mmalik, mtruneck |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | selinux-policy-3.7.19-168.el6 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-02-21 08:30:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Michal Bruncko
2012-09-24 22:35:04 UTC
Just additional information: pppd needs to be allowed also to "read" and "write" operations on l2tpd_t:socket. Without this I was not able to create VPN connection. Thanks!

Just one thing: the reason why pppd is trying to access stuff of radiusclient (like dictionary) is because I am using pppd with radius.so plugin.

/etc/ppp/options.xl2tpd:
...
plugin radius.so
radius-config-file "/etc/radiusclient-ng/radiusclient.conf"
plugin radattr.so
...

(In reply to comment #1)
> just additional information: pppd needs to be allowed also to "read" and
> "write" operations on l2tpd_t:socket.
> without this I was not able to create VPN connection.
>
> thanks!

Ok. Thank you for testing.

Probably it will be nice to use for this "pppd <--> l2tp ability" a new selinux boolean variable because this is specific pppd usage. But this is only my opinion.

Tried latest version again from http://people.redhat.com/dwalsh/SELinux/RHEL6/noarch/ with following results:

[root@vpn01 ~]# rpm -ivhU selinux-policy-3.7.19-168.el6.noarch.rpm selinux-policy-targeted-3.7.19-168.el6.noarch.rpm
Preparing... ########################################### [100%]
1:selinux-policy ########################################### [ 50%]
2:selinux-policy-targeted########################################### [100%]
libsepol.scope_copy_callback: passenger: Duplicate declaration in module: type/attribute passenger_tmp_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!

Now I am unsure if there is sense for trying testing because I don't know if only one module failed or anything else.

Milos, are you also getting this issue?

Yes, I see it too.

# yum reinstall selinux-policy-3.7.19-168.el6.noarch.rpm selinux-policy-targeted-3.7.19-168.el6.noarch.rpm
Loaded plugins: product-id, refresh-packagekit, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Reinstall Process
Examining selinux-policy-3.7.19-168.el6.noarch.rpm: selinux-policy-3.7.19-168.el6.noarch
Examining selinux-policy-targeted-3.7.19-168.el6.noarch.rpm: selinux-policy-targeted-3.7.19-168.el6.noarch
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy.noarch 0:3.7.19-168.el6 will be reinstalled
---> Package selinux-policy-targeted.noarch 0:3.7.19-168.el6 will be reinstalled
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package
Arch Version Repository Size
================================================================================
Reinstalling:
selinux-policy
noarch 3.7.19-168.el6 /selinux-policy-3.7.19-168.el6.noarch 8.7 M
selinux-policy-targeted
noarch 3.7.19-168.el6 /selinux-policy-targeted-3.7.19-168.el6.noarch 3.2 M
Transaction Summary
================================================================================
Reinstall 2 Package(s)
Total size: 12 M
Installed size: 12 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : selinux-policy-3.7.19-168.el6.noarch 1/2
Installing : selinux-policy-targeted-3.7.19-168.el6.noarch 2/2
libsepol.scope_copy_callback: passenger: Duplicate declaration in module: type/attribute passenger_tmp_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!
Verifying : selinux-policy-3.7.19-168.el6.noarch 1/2
Verifying : selinux-policy-targeted-3.7.19-168.el6.noarch 2/2
Installed:
selinux-policy.noarch 0:3.7.19-168.el6
selinux-policy-targeted.noarch 0:3.7.19-168.el6
Complete!
#

I apologize. Should be fixed in selinux-policy-3.7.19-169.el6 which will be uploaded soon. Thank you for testing.

Ok, no problem. Just one question. Is anything else needed to override/disable local SELinux policy? How is it possible to flush/clear it completely? Thanks

Using semodule tool

# semodule -r mypol

selinux-policy-3.7.19-169.el6 is on people.redhat.com/dwalsh/SELinux/RHEL6

Yes! It's working now, confirming :) selinux update without issues, local policy removed (semodule -r local), enforcing mode enabled. Issue resolved, this bug could be closed now.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0314.html
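
The yum transcript in this report ends with "Complete!" even though the policy link step printed "semodule: Failed!". The following check for that condition is an added example, not part of the bug report or of any Red Hat tooling; the function names `duplicate_declarations` and `policy_load_ok` are hypothetical, and the sample log is constructed from the lines quoted above.

```shell
#!/usr/bin/env bash
# Added example: detect a failed SELinux policy rebuild in package-manager
# output, where the transaction itself still reports success.

# Constructed sample, trimmed from the transaction output quoted in this report.
sample_log='Installing : selinux-policy-targeted-3.7.19-168.el6.noarch 2/2
libsepol.scope_copy_callback: passenger: Duplicate declaration in module: type/attribute passenger_tmp_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!
Verifying : selinux-policy-targeted-3.7.19-168.el6.noarch 2/2
Complete!'

# Read install output on stdin and print "<module> <type>" for every
# duplicate type/attribute declaration reported by libsepol.
duplicate_declarations() {
    sed -n 's/^libsepol\.scope_copy_callback: \([^:]*\): Duplicate declaration in module: type\/attribute \([^ ]*\) .*/\1 \2/p'
}

# Read install output on stdin; return 0 if no policy link/load failure
# is reported, 1 if libsemanage or semodule reported a failure.
policy_load_ok() {
    ! grep -Eq '^(semodule: +Failed!|libsemanage\..*failed)'
}

# Report on the sample: the trailing "Complete!" must not be trusted alone.
if ! printf '%s\n' "$sample_log" | policy_load_ok; then
    echo "policy rebuild failed; conflicting declarations (module type):"
    printf '%s\n' "$sample_log" | duplicate_declarations
fi
```
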