Description of problem: Strongswan has introduced a new binary for starting the IPsec tunnels, charon-systemd [1], and a new service unit, strongswan-swanctl.service This binary is labelled as bit_t, so the service runs as unconfined_service_t. # ps -efZ |grep charon system_u:system_r:unconfined_service_t:s0 root 29723 1 0 15:52 ? 00:00:00 /usr/sbin/charon-systemd Please, extend the policy to cover this new binary. Thank you. [1] https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd Version-Release number of selected component (if applicable): strongswan-5.2.2-1.fc21.x86_64 selinux-policy-3.13.1-105.3.fc21.noarch selinux-policy-targeted-3.13.1-105.3.fc21.noarch
commit 1f3e6889029ea14af5c3ab944c39ec375a0e647f Author: Lukas Vrabec <lvrabec> Date: Tue Feb 17 17:48:24 2015 +0100 Label new strongswan binary swanctl and new unit file strongswan-swanctl.service. BZ(1193102)
selinux-policy-3.13.1-105.5.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.5.fc21
Package selinux-policy-3.13.1-105.5.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.5.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-2733/selinux-policy-3.13.1-105.5.fc21 then log in and leave karma (feedback).
selinux-policy-3.13.1-105.6.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.6.fc21
selinux-policy-3.13.1-105.6.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.