Bug 924840

Summary: NetworkManager fails to initiate an L2tp/IPsec PSK connection with SELinux denials
Product: Fedora
Reporter: darton <temp-2009-09-09>
Component: NetworkManager-l2tp
Assignee: Ivan Romanov <drizt72>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Version: 18
CC: drizt72
Doc Type: Bug Fix
Type: Bug
Last Closed: 2013-03-23 08:08:48 UTC

Description darton 2013-03-22 15:36:52 UTC
Description of problem:

NetworkManager fails to establish an L2tp/IPsec PSK client connection. The log contains "avc: denied" messages.


Version-Release number of selected component (if applicable):

NetworkManager.x86_64                   1:0.9.8.0-1.fc18
NetworkManager-l2tp.x86_64              0.9.6-2.fc18
selinux-policy.noarch                   3.11.1-86.fc18
selinux-policy-targeted.noarch          3.11.1-86.fc18

How reproducible:

always

Steps to Reproduce:
1. Use regular NetworkManager GUI to create an l2tp client connection. On VPN tab, click "IPsec Settings..." button, check "Enable IPsec tunnel to L2TP host" box, enter pre-shared key.
2. Save the connection.
3. Start the connection.
Actual results:

NetworkManager fails with the following in /var/log/messages:

Mar 22 18:37:33 mysystem NetworkManager[672]: <info> Starting VPN service 'l2tp'...
Mar 22 18:37:33 mysystem NetworkManager[672]: <info> VPN service 'l2tp' started (org.freedesktop.NetworkManager.l2tp), PID 1564
Mar 22 18:37:33 mysystem NetworkManager[672]: <info> VPN service 'l2tp' appeared; activating connections
Mar 22 18:37:33 mysystem NetworkManager[672]: <info> VPN plugin state changed: starting (3)
Mar 22 18:37:33 mysystem kernel: [  552.972740] type=1400 audit(1363963053.616:4): avc:  denied  { name_bind } for  pid=1564 comm="nm-l2tp-service" src=1701 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:l2tp_port_t:s0 tclass=udp_socket
Mar 22 18:37:33 mysystem kernel: [  553.034018] type=1400 audit(1363963053.678:5): avc:  denied  { rename } for  pid=1564 comm="nm-l2tp-service" name="ipsec.secrets" dev="dm-1" ino=394807 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:ipsec_key_file_t:s0 tclass=file
Mar 22 18:37:33 mysystem NetworkManager[672]: <info> VPN connection 'test l2tp' (Connect) reply received.
Mar 22 18:37:33 mysystem NetworkManager[672]: <warn> VPN connection 'test l2tp' failed to connect: 'Cannot save /etc/ipsec.secrets'.
Mar 22 18:37:33 mysystem NetworkManager[672]: <info> Policy set 'eth1' (em1) as default for IPv4 routing and DNS.
Mar 22 18:37:33 mysystem NetworkManager[672]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Mar 22 18:37:38 mysystem NetworkManager[672]: <info> VPN service 'l2tp' disappeared

Expected results:

Either the VPN connection is established, or NetworkManager complains about some client setting.

Additional info:

Nothing is written to audit.log, "ausearch -m avc" yields nothing.

There is a similar-looking issue open for Fedora 17, though I'm not sure whether these are the same: https://bugzilla.redhat.com/show_bug.cgi?id=887674

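As an added illustration, not part of the bug report or of the NetworkManager-l2tp project: a small parser that turns the two kernel-logged AVC records quoted above into the `allow` rules that `audit2allow` would generate for a local policy module. Since auditd was not running, the denials went to /var/log/messages through the kernel log rather than audit.log, so the parser reads plain syslog lines; the log text is the report's own, and the rules it prints are what a policy reviewer would have to assess (NetworkManager_t binding the l2tp port and renaming the IPsec secrets file) before loading anything.

```python
import re
from collections import defaultdict

# The two kernel-logged AVC denials quoted in the bug report above.
AVC_LINES = """\
Mar 22 18:37:33 mysystem kernel: [  552.972740] type=1400 audit(1363963053.616:4): avc:  denied  { name_bind } for  pid=1564 comm="nm-l2tp-service" src=1701 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:l2tp_port_t:s0 tclass=udp_socket
Mar 22 18:37:33 mysystem kernel: [  553.034018] type=1400 audit(1363963053.678:5): avc:  denied  { rename } for  pid=1564 comm="nm-l2tp-service" name="ipsec.secrets" dev="dm-1" ino=394807 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:ipsec_key_file_t:s0 tclass=file
"""

# Standard layout of an AVC record: "avc: denied { perms } for ... scontext=... tcontext=... tclass=..."
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+)\}\s+for\s+.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def parse_avc(text):
    """Return one dict per AVC denial found in text; non-AVC lines are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        comm = re.search(r'comm="([^"]*)"', line)
        denials.append({
            "perms": set(m["perms"].split()),
            # A context is user:role:type[:level]; the type is what policy rules use.
            "source_type": m["scontext"].split(":")[2],
            "target_type": m["tcontext"].split(":")[2],
            "tclass": m["tclass"],
            "comm": comm.group(1) if comm else None,
        })
    return denials

def to_te_rules(denials):
    """Collapse denials into the allow rules a local policy module would need."""
    rules = defaultdict(set)  # (source type, target type, class) -> permissions
    for d in denials:
        rules[(d["source_type"], d["target_type"], d["tclass"])] |= d["perms"]
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(rules.items())]

if __name__ == "__main__":
    for rule in to_te_rules(parse_avc(AVC_LINES)):
        print(rule)
```

On a real system the same result comes from `grep avc /var/log/messages | audit2allow`; the point of reading the rules first is to decide whether the access is legitimate for the domain or whether the service should run in its own domain instead.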
Comment 1 Ivan Romanov 2013-03-23 08:08:48 UTC
I think it is the same. Anyway, I don't have any SELinux or IPsec experience to fix this. Feel free to provide a patch to resolve this issue. I will forward this issue to upstream, but last time he couldn't help.

*** This bug has been marked as a duplicate of bug 887674 ***