Red Hat Bugzilla – Bug 247510
There is no selinux module for ipsec-tools (racoon)
Last modified: 2012-10-16 04:15:15 EDT
Description of problem:
RHEL5 supplies SELinux modules for several services.
But AFAICT there is no module for the ipsec-tools package.
As this is a network service in security environments, I would like to see a module supplied for ipsec services in RHEL5.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
see "semodule -l" and "ls -lZ /usr/sbin/racoon*"
-rwxr-xr-x root root system_u:object_r:sbin_t /usr/sbin/racoon
-rwxr-xr-x root root system_u:object_r:sbin_t /usr/sbin/racoonctl
racoon seems not to be secured by SELinux
racoon running in its own exec domain
This bug might be classified as Feature Request.
Or am I wrong and racoon / ipsec in RHEL5 is already secured in RHEL5 and I do not see it?
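The check described in the report above (reading the file type out of `ls -lZ`), as an added example that is not part of the original bug report or of Red Hat's policy: a shell filter that flags executables carrying only a generic SELinux file type. The function names, the `example_*` entries and the inclusion of `bin_t` as a generic type are assumptions made for this example.

```sh
#!/bin/sh
# Added example: flag executables that carry only a generic SELinux file type,
# i.e. no dedicated policy module labels them.

# sbin_t is the type shown in the report; bin_t is added here as an assumption.
GENERIC_TYPES="sbin_t bin_t"

# Print the type (third field) of a context such as user:role:type[:level].
selinux_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# Read `ls -lZ` lines on stdin; print "path type" for generically labeled files.
# The context column is located by its shape, so both the five-column layout
# from the report and the newer layout with link count, size and date work.
# Assumes paths without whitespace.
generic_labeled() {
    awk -v generic="$GENERIC_TYPES" '
        BEGIN { n = split(generic, g, " "); for (i = 1; i <= n; i++) is_generic[g[i]] = 1 }
        {
            for (i = 1; i < NF; i++) {
                if ($i ~ /^[^:]+:[^:]+:[^:]+/) {
                    split($i, ctx, ":")
                    if (ctx[3] in is_generic) print $NF, ctx[3]
                    break
                }
            }
        }'
}

# Constructed sample input: the two lines from the report plus two
# hypothetical entries (example_exec_t and example-tool are made up).
sample_listing() {
    cat <<'EOF'
-rwxr-xr-x root root system_u:object_r:sbin_t /usr/sbin/racoon
-rwxr-xr-x root root system_u:object_r:sbin_t /usr/sbin/racoonctl
-rwxr-xr-x root root system_u:object_r:example_exec_t /usr/sbin/example-daemon
-rwxr-xr-x. 1 root root system_u:object_r:bin_t:s0 1234 Jan  1 00:00 /usr/bin/example-tool
EOF
}

# On a live system: ls -lZ /usr/sbin/racoon* | generic_labeled
sample_listing | generic_labeled
```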
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
Fixed in selinux-policy-2.4.6-156.el5
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.