338441 – [PATCH] vpnc and NM-vpnc AVC denial

Bug 338441 - [PATCH] vpnc and NM-vpnc AVC denial

Summary: [PATCH] vpnc and NM-vpnc AVC denial

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	high
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-10-18 17:25 UTC by Warren Togami
Modified:	2008-01-30 19:19 UTC (History)
CC List:	2 users (show)
Fixed In Version:	Current
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-01-30 19:19:57 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Warren Togami 2007-10-18 17:25:10 UTC

Something changed in the last day, causing both vpnc manual and
NetworkManager-vpnc to fail due to an AVC denial.

type=AVC msg=audit(1192727125.905:29): avc:  denied  { name_bind } for  pid=4069
comm="vpnc" src=4500 scontext=system_u:system_r:vpnc_t:s0
tcontext=system_u:object_r:ipsecnat_port_t:s0 tclass=udp_socket

module vpncawesomeness 1.0;

require {
        type vpnc_t;
        type ipsecnat_port_t;
        class udp_socket name_bind;
}

#============= vpnc_t ==============
allow vpnc_t ipsecnat_port_t:udp_socket name_bind;

Comment 1 Warren Togami 2007-10-18 17:28:03 UTC

dwalsh said that yesterday port 4500 began being labeled for the first time,
that would explain why this problem began now.

Comment 2 Daniel Walsh 2007-10-18 20:37:01 UTC

Fixed in selinux-policy-3.0.8-25

Comment 3 Daniel Walsh 2008-01-30 19:19:57 UTC

Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.

Note You need to log in before you can comment on or make changes to this bug.