Bug 452887 - SELinux breaks vpnc
SELinux breaks vpnc
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
9
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
: 452951 453076 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-06-25 12:02 EDT by Stefan Becker
Modified: 2008-06-30 04:49 EDT (History)
2 users (show)

See Also:
Fixed In Version: selinux-policy-3.3.1-72.fc9.noarch
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-27 17:44:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stefan Becker 2008-06-25 12:02:36 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061712 Fedora/3.0-1.fc9 Firefox/3.0

Description of problem:
I just updated to latest selinux-policy-targeted and vpnc stopped working.



Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.3.1-69.fc9.noarch

How reproducible:
Always


Steps to Reproduce:
1. vpnc <connection> (as root)
2. Enter password
3.

Actual Results:
/etc/vpnc/vpnc-script: line 99: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 100: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 104: /sbin/ifconfig: Permission denied
/etc/vpnc/vpnc-script: line 123: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 123: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 124: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 142: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 143: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 133: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 134: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 135: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 142: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 143: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 142: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 143: /sbin/ip: Permission denied
VPNC started in background (pid: 6975)...

Although the daemon is running the VPN connection does not exist

Expected Results:
Working VPN connection

Additional info:
Current vpnc version installed: vpnc-0.5.1-5.fc9.i386

vpnc works fine with "setenforce 0".
Comment 1 Daniel Walsh 2008-06-26 08:03:41 EDT
Fixed in selinux-policy-3.3.1-72.fc9.noarch
Comment 2 Bill C. Riemers 2008-06-27 01:41:23 EDT
*** Bug 453076 has been marked as a duplicate of this bug. ***
Comment 3 Bill C. Riemers 2008-06-27 01:42:12 EDT
*** Bug 452951 has been marked as a duplicate of this bug. ***
Comment 4 Bill C. Riemers 2008-06-27 01:43:59 EDT
BTW.  Do you want me to open a separate bug for the problem with audit2allow
creating bogus output?
Comment 5 Stefan Becker 2008-06-27 05:51:12 EDT
Did you maybe forget to inititate the package build?

<http://koji.fedoraproject.org/koji/packageinfo?packageID=32>

still only shows selinux-policy-3.3.1-71.fc9 as the latest built package.
Comment 6 Bill C. Riemers 2008-06-27 09:18:20 EDT
Rawhide has selinux-policy-3.4.2-7.fc10.  Does that contain the fix?



Comment 7 Stefan Becker 2008-06-27 17:44:43 EDT
Retested with selinux-policy-3.3.1-72.fc9.noarch from koji. Works again. Thanks!
Comment 8 Daniel Walsh 2008-06-29 07:45:11 EDT
Well if selinux-policy-3.4.2-7.fc10 does not have the fix,
selinux-policy-3.4.2-8.fc10 should
Comment 9 Tim Waugh 2008-06-30 04:49:10 EDT
selinux-policy-3.3.1-72.fc9 fixes it here.

Note You need to log in before you can comment on or make changes to this bug.