452951 – vpnc: invalid context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023

Bug 452951 - vpnc: invalid context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023

Summary: vpnc: invalid context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023

Keywords:
Status:	CLOSED DUPLICATE of bug 452887
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	9
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-06-26 08:13 UTC by Tim Waugh
Modified:	2008-06-27 05:42 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-06-27 05:42:11 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Tim Waugh 2008-06-26 08:13:08 UTC

Description of problem:
When starting vpnc on a fresh installation of Fedora 9 (plus updates) in
enforcing mode, it fails and there are audit messages.

Version-Release number of selected component (if applicable):
vpnc-0.5.1-5.fc9.x86_64
selinux-policy-targeted-3.3.1-69.fc9.noarch

How reproducible:
Every time.

Steps to Reproduce:
1.Boot machine.
2.Log in (I do this with VNC)
3.Start a gnome-terminal
4.su -
5.vpnc
  
Actual results:
/etc/vpnc/vpnc-script: line 99: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 100: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 104: /sbin/ifconfig: Permission denied
/etc/vpnc/vpnc-script: line 123: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 123: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 124: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 142: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 143: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 142: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 143: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 142: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 143: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 142: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 143: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 142: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 143: /sbin/ip: Permission denied
VPNC started in background (pid: 3913)...

(vpnc has actually started, but there is no tun0 interface so it has no effect)

Additional info:
It works fine after 'setenforce 0' -- and then it even seems to work again after
'setenforce 1'.

Here are the file contexts:

[root@cyberelk ~]# ls -Z /sbin/ip /usr/sbin/vpnc /etc/vpnc/vpnc-script 
-rwxr-xr-x  root root system_u:object_r:etc_t:s0       /etc/vpnc/vpnc-script
-rwxr-xr-x  root root system_u:object_r:ifconfig_exec_t:s0 /sbin/ip
-rwxr-xr-x  root root system_u:object_r:vpnc_exec_t:s0 /usr/sbin/vpnc

Here are the lines of audit.log that are added when starting vpnc:

type=SELINUX_ERR msg=audit(1214463451.682:50): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.682:50): arch=c000003e syscall=59 success=no
exit=-13 a0=108f350 a1=108f3b0 a2=106fef0 a3=3499167a70 items=0 ppid=3883
pid=3884 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts1 ses=2 comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.684:51): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.684:51): arch=c000003e syscall=59 success=no
exit=-13 a0=1071390 a1=1071300 a2=106fef0 a3=3499167a70 items=0 ppid=3887
pid=3888 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts1 ses=2 comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.686:52): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.686:52): arch=c000003e syscall=59 success=no
exit=-13 a0=108f370 a1=108f910 a2=106fef0 a3=3499167a70 items=0 ppid=3875
pid=3891 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts1 ses=2 comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.687:53): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.687:53): arch=c000003e syscall=59 success=no
exit=-13 a0=108e4c0 a1=108f280 a2=106fef0 a3=3499167a70 items=0 ppid=3892
pid=3893 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts1 ses=2 comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.688:54): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.688:54): arch=c000003e syscall=59 success=no
exit=-13 a0=108e530 a1=108e440 a2=106fef0 a3=8 items=0 ppid=3875 pid=3896
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2
comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.688:55): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.688:55): arch=c000003e syscall=59 success=no
exit=-13 a0=108dfe0 a1=108e3c0 a2=106fef0 a3=8 items=0 ppid=3875 pid=3897
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2
comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.689:56): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.689:56): arch=c000003e syscall=59 success=no
exit=-13 a0=10903b0 a1=106f970 a2=106fef0 a3=8 items=0 ppid=3875 pid=3898
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2
comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.689:57): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.689:57): arch=c000003e syscall=59 success=no
exit=-13 a0=108e5c0 a1=1090160 a2=106fef0 a3=3499167a70 items=0 ppid=3875
pid=3899 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts1 ses=2 comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.691:58): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.691:58): arch=c000003e syscall=59 success=no
exit=-13 a0=108ef20 a1=106f970 a2=106fef0 a3=8 items=0 ppid=3875 pid=3901
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2
comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.691:59): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.691:59): arch=c000003e syscall=59 success=no
exit=-13 a0=10901a0 a1=10901c0 a2=106fef0 a3=8 items=0 ppid=3875 pid=3902
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2
comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.692:60): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.692:60): arch=c000003e syscall=59 success=no
exit=-13 a0=108fee0 a1=106f970 a2=106fef0 a3=8 items=0 ppid=3875 pid=3904
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2
comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.693:61): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.693:61): arch=c000003e syscall=59 success=no
exit=-13 a0=1090470 a1=1090320 a2=106fef0 a3=8 items=0 ppid=3875 pid=3905
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2
comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.694:62): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.694:62): arch=c000003e syscall=59 success=no
exit=-13 a0=1090410 a1=106f970 a2=106fef0 a3=8 items=0 ppid=3875 pid=3907
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2
comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.694:63): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.694:63): arch=c000003e syscall=59 success=no
exit=-13 a0=1090490 a1=108f1d0 a2=106fef0 a3=8 items=0 ppid=3875 pid=3908
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2
comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.695:64): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.695:64): arch=c000003e syscall=59 success=no
exit=-13 a0=1090450 a1=106f970 a2=106fef0 a3=8 items=0 ppid=3875 pid=3909
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2
comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1214463451.695:65): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214463451.695:65): arch=c000003e syscall=59 success=no
exit=-13 a0=1090350 a1=108e9f0 a2=106fef0 a3=8 items=0 ppid=3875 pid=3910
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2
comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)

Comment 1 Daniel Walsh 2008-06-26 11:41:55 UTC

Fixed in selinux-policy-3.3.1-72.fc9.noarch

Comment 2 Bill C. Riemers 2008-06-27 05:42:11 UTC


*** This bug has been marked as a duplicate of 452887 ***

Note You need to log in before you can comment on or make changes to this bug.