Bug 984690
Summary: | strongswan needs a few extra permissions | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jamie Nguyen <jamielinux> | ||||||||
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||
Severity: | unspecified | Docs Contact: | |||||||||
Priority: | unspecified | ||||||||||
Version: | 20 | CC: | dominick.grift, dwalsh, jamielinux, mgrepl | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2014-02-23 15:28:52 UTC | Type: | Bug | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
Jamie Nguyen
2013-07-15 17:10:22 UTC
Could you please attach AVC msgs for these rules. Thank you. Created attachment 774163 [details]
AVC logs on F19
Just a note that on EL6, strongswan currently runs as initrc_t so I've not seen any AVC messages. If you introduce the fcontext changes in: https://bugzilla.redhat.com/show_bug.cgi?id=984686 to EL6, as well as the additional one I mention in this comment: https://bugzilla.redhat.com/show_bug.cgi?id=984686#c2 then I get some AVC messages which I'll attach. Created attachment 774164 [details]
AVC logs on EL6 (after adding required fcontexts)
Created attachment 775201 [details]
AVC logs on F19
I am adding fixes to Fedora. Could please clone this bug for RHEL. This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle. Changing version to '20'. More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20 selinux-policy-3.12.1-83.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-83.fc20 Package selinux-policy-3.12.1-83.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-83.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-17722/selinux-policy-3.12.1-83.fc20 then log in and leave karma (feedback). Package selinux-policy-3.12.1-84.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-84.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-17722/selinux-policy-3.12.1-84.fc20 then log in and leave karma (feedback). |