Bug 182632 - selinux-policy-2.2.20-1 prevents me from running vpnc
Summary: selinux-policy-2.2.20-1 prevents me from running vpnc
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: FC5Blocker
TreeView+ depends on / blocked
 
Reported: 2006-02-23 19:26 UTC by Nalin Dahyabhai
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-03-08 21:00:11 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Nalin Dahyabhai 2006-02-23 19:26:25 UTC 
Description of problem:
With the latest version of the SELinux policy installed, vpnc appears to hang
when I run it.  Under strace, I can tell that it attempted to prompt me for
information which wasn't in its configuration file, and is waiting for me to
respond, but the prompt didn't make it to the console (/dev/tty2).

Version-Release number of selected component (if applicable):
2.2.20-1

How reproducible:
Always

Steps to Reproduce:
1. Install vpnc.
2. Log in on a text console as 'root'.
3. Run vpnc.
  
Actual results:
Nothing happens.  The command appears to hang.

Expected results:
vpnc should prompt me for the address of my VPN concentrator.

Additional info:
This appears to have broken somewhere between 2.2.12 and 2.2.17.  The avc
denials which are logged are all for this av:
type=AVC msg=audit(1140722662.992:753): avc:  denied  { use } for  pid=31422
comm="vpnc" name="tty2" dev=tmpfs ino=1199
scontext=root:system_r:vpnc_t:s0-s0:c0.c255
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c255 tclass=fd
Comment 1 Daniel Walsh 2006-02-23 19:46:10 UTC 
Fixed in Fedora/selinux-policy-2.2.21-2.noarch.rpm
Comment 2 Nalin Dahyabhai 2006-02-23 19:46:44 UTC 
Confirmed.
Note You need to log in before you can comment on or make changes to this bug.