Description of problem: This error pops up when using NetworkManager to create an SSH VPN session SELinux is preventing /usr/bin/sshpass from read, write access on the chr_file ptmx. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that sshpass should be allowed read write access on the ptmx chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep sshpass /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:NetworkManager_t:s0 Target Context system_u:object_r:ptmx_t:s0 Target Objects ptmx [ chr_file ] Source sshpass Source Path /usr/bin/sshpass Port <Unknown> Host (removed) Source RPM Packages sshpass-1.05-7.fc22.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-128.16.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.1.8-200.fc22.x86_64 #1 SMP Tue Sep 22 12:13:21 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-10-13 08:17:49 CEST Last Seen 2015-10-13 08:17:49 CEST Local ID eddd6445-fccd-40f6-8d1f-b56c8d2d1188 Raw Audit Messages type=AVC msg=audit(1444717069.671:1162): avc: denied { read write } for pid=855 comm="sshpass" name="ptmx" dev="devtmpfs" ino=10482 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:ptmx_t:s0 tclass=chr_file permissive=0 type=SYSCALL msg=audit(1444717069.671:1162): arch=x86_64 syscall=open success=no exit=EACCES a0=7f965598ecf7 a1=2 a2=0 a3=df items=0 ppid=838 pid=855 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=sshpass exe=/usr/bin/sshpass subj=system_u:system_r:NetworkManager_t:s0 key=(null) Hash: sshpass,NetworkManager_t,ptmx_t,chr_file,read,write Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.8-200.fc22.x86_64 type: libreport Potential duplicate: bug 1058028
Did it work? Or do you need to switch to permissive mode?
Hi, I tried to execute # grep sshpass /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp several times, but unfortunately it does not fix the SELinux notifications. When switching to permissive mode and applying some extra SELinux policies, it seems to work. With best regards, Tom.
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.
The same happens for me on Fedora 27 on attempt to start NetworkManager SSH VPN connection. Any chance to reopen this one?