Bug 1315700 - Libreswan XAUTH server mode uses pam
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy
All Linux
medium Severity medium
Assigned To: Lukas Vrabec
Milos Malik
Reported: 2016-03-08 07:37 EST by Tuomo Soini
Modified: 2016-11-03 22:44 EDT
Fixed In Version: selinux-policy-3.13.1-66.el7
Doc Type: Bug Fix
Clone Of:
: 1317988
Last Closed: 2016-11-03 22:44:22 EDT
Type: Bug

Attachments
Proposed fix for selinux policy with AVCs caused by problem. (1.23 KB, patch)
2016-03-08 07:37 EST, Tuomo Soini
Description Tuomo Soini 2016-03-08 07:37:43 EST
Created attachment 1134146
Proposed fix for selinux policy with AVCs caused by problem.

Libreswan XAUTH server mode uses pam but selinux policy doesn't allow that.

Attached patch lists AVCs caused by that and fix for PAM auth problem.
Comment 2 Lukas Vrabec 2016-03-08 09:05:44 EST
Could you attach also raw AVC msgs? 

Thank you.
Comment 3 Tuomo Soini 2016-03-08 10:08:27 EST
I did. Check the patch.
Comment 4 Miroslav Grepl 2016-03-14 03:57:09 EDT
It makes sense. We will add it also in RHEL-6.
Comment 5 Lukas Vrabec 2016-03-16 16:51:37 EDT
commit dfab3e8e16abbdbdf1d5b97675ad1668e785884e
Author: Lukas Vrabec <lvrabec@redhat.com>
Date:   Wed Mar 16 10:53:34 2016 +0100

    Allow ipsec to use pam.
    Resolves: rhbz#1315700
Comment 6 Mike McCune 2016-03-28 19:00:31 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 10 errata-xmlrpc 2016-11-03 22:44:22 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

