Description of problem: Tried to connect to VPN and this popped up. SELinux is preventing /usr/sbin/sstpc from 'setattr' accesses on the sock_file . ***** Plugin catchall (100. confidence) suggests ************************** If you believe that sstpc should be allowed setattr access on the sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep sstpc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:pppd_t:s0 Target Context system_u:object_r:pppd_var_run_t:s0 Target Objects [ sock_file ] Source sstpc Source Path /usr/sbin/sstpc Port <Unknown> Host (removed) Source RPM Packages sstp-client-1.0.9-4.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-182.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.15.10-201.fc20.x86_64 #1 SMP Wed Aug 27 21:10:06 UTC 2014 x86_64 x86_64 Alert Count 8 First Seen 2014-08-14 23:10:31 CEST Last Seen 2014-09-03 00:12:33 CEST Local ID 495f9c61-aee5-45c9-b731-d17dff9e62a1 Raw Audit Messages type=AVC msg=audit(1409695953.739:1959): avc: denied { setattr } for pid=17470 comm="sstpc" name="sstpc-nm-sstp-service-17465" dev="tmpfs" ino=370165 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:pppd_var_run_t:s0 tclass=sock_file type=SYSCALL msg=audit(1409695953.739:1959): arch=x86_64 syscall=chown success=no exit=EACCES a0=7fff4233fbd2 a1=3de a2=3d9 a3=0 items=0 ppid=17468 pid=17470 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=sstpc exe=/usr/sbin/sstpc subj=system_u:system_r:pppd_t:s0 key=(null) Hash: sstpc,pppd_t,pppd_var_run_t,sock_file,setattr Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.15.10-201.fc20.x86_64 type: libreport
0bf5dfe302c69a538e9d101dcd22970b3564a602 fixes this in git.
*** Bug 1136574 has been marked as a duplicate of this bug. ***
*** Bug 1136566 has been marked as a duplicate of this bug. ***
commit 0bf5dfe302c69a538e9d101dcd22970b3564a602 Author: Dan Walsh <dwalsh> Date: Wed Sep 3 05:54:11 2014 -0400 Allow pppd to create sock_files in /var/run https://github.com/selinux-policy/selinux-policy/commit/ab2143ce194be8787996b1d705995b04b649ad82
selinux-policy-3.12.1-183.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-183.fc20
selinux-policy-3.12.1-183.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Hum, I might have misreported this: I am on fedora 23, not 20 :-/
Did you recently get this problem? What AVC are you seeing?
Sorry wrong thread, my problem is described in bug 1302666. :-/