This service will be undergoing maintenance at 20:00 UTC, 2017-04-03. It is expected to last about 30 minutes
Bug 338441 - [PATCH] vpnc and NM-vpnc AVC denial
[PATCH] vpnc and NM-vpnc AVC denial
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
high Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-18 13:25 EDT by Warren Togami
Modified: 2008-01-30 14:19 EST (History)
2 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-30 14:19:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Warren Togami 2007-10-18 13:25:10 EDT
Something changed in the last day, causing both vpnc manual and
NetworkManager-vpnc to fail due to an AVC denial.

type=AVC msg=audit(1192727125.905:29): avc:  denied  { name_bind } for  pid=4069
comm="vpnc" src=4500 scontext=system_u:system_r:vpnc_t:s0
tcontext=system_u:object_r:ipsecnat_port_t:s0 tclass=udp_socket

module vpncawesomeness 1.0;

require {
        type vpnc_t;
        type ipsecnat_port_t;
        class udp_socket name_bind;
}

#============= vpnc_t ==============
allow vpnc_t ipsecnat_port_t:udp_socket name_bind;
Comment 1 Warren Togami 2007-10-18 13:28:03 EDT
dwalsh said that yesterday port 4500 began being labeled for the first time,
that would explain why this problem began now.
Comment 2 Daniel Walsh 2007-10-18 16:37:01 EDT
Fixed in selinux-policy-3.0.8-25
Comment 3 Daniel Walsh 2008-01-30 14:19:57 EST
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.

Note You need to log in before you can comment on or make changes to this bug.