Bug 1270216 - Fails with forkpty permission denied
Summary: Fails with forkpty permission denied
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager-fortisslvpn
Version: 23
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-10-09 10:00 UTC by Berend De Schouwer
Modified: 2016-11-02 11:20 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-02 11:20:22 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Berend De Schouwer 2015-10-09 10:00:24 UTC 
Description of problem:

Configure a Fortigate SSL VPN.  Try to connect.  Eventually you'll get the following in the logs:
Oct 09 11:49:56 sieve-deschouwer-co-za NetworkManager[1242]: ERROR:  forkpty: Permission denied


Version-Release number of selected component (if applicable):

NetworkManager-fortisslvpn-1.0.6-1.fc23.x86_64


How reproducible:

Every time.


Steps to Reproduce:
1. Configure Fortigate SSL VPN
2. Connect
3.

Actual results:

Nothing happens.


Expected results:

One of
- vpn connects
- error dialog popup


Additional info:

I've reported selinux violations by this package as bug # 1270201
I no longer get any selinux AVC warnings

I assume there's a missing capability?  forkpty() is a normal call for pppd.
Comment 1 Thomas Haller 2016-10-24 12:12:42 UTC 
sorry for the bug getting no attention so far.

Does this issue still happen?
Comment 2 Berend De Schouwer 2016-11-02 03:27:25 UTC 
This is working for me now in F24 + updates with selinux enforcing
Comment 3 Thomas Haller 2016-11-02 11:20:22 UTC 
It's not clear from the original description what the issue there is.

But as it seems to no longer happen, closing. Let's reopen if it still happens and additional information can be provided.

Thanks
Note You need to log in before you can comment on or make changes to this bug.