Description of problem:

(cd /; sudo /usr/sbin/vpnc) connects, but setting up the network fails with about 15 messages:

/etc/vpnc/vpnc-script: line 99: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 100: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 104: /sbin/ifconfig: Permission denied

... and so on.

audit.log contains the following:

type=SELINUX_ERR msg=audit(1214650324.205:212): security_compute_sid: invalid context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214650324.205:212): arch=40000003 syscall=11 success=no exit=-13 a0=8a1da98 a1=8a2f4e8 a2=8a19c98 a3=0 items=0 ppid=11903 pid=11904 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="vpnc-script" exe="/bin/bash" subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)

(... and so on, repeated several times.)

Version-Release number of selected component (if applicable):

selinux-policy-3.3.1-69.fc9.noarch

AFAICT this started happening after upgrading to this policy.

Additional info:

$ id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

$ ls -Z /usr/bin/sudo /usr/sbin/vpnc /etc/vpnc/vpnc-script /sbin/ip /sbin/ifconfig
-rwxr-xr-x root root system_u:object_r:etc_t:s0 /etc/vpnc/vpnc-script
-rwxr-xr-x root root system_u:object_r:ifconfig_exec_t:s0 /sbin/ifconfig
-rwxr-xr-x root root system_u:object_r:ifconfig_exec_t:s0 /sbin/ip
---s--x--x root root system_u:object_r:sudo_exec_t:s0 /usr/bin/sudo
-rwxr-xr-x root root system_u:object_r:vpnc_exec_t:s0 /usr/sbin/vpnc

Relabeling didn't fix the problem.
Seems to work with selinux-policy-3.3.1-72.fc9.noarch.
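
Added example (not part of the original report, and not code from the selinux-policy or vpnc projects): a short Python triage script that pairs each SELINUX_ERR record with the SYSCALL record sharing its audit event ID, as in the audit.log excerpt quoted in the report, and extracts the rejected role/type pair together with the process that attempted the transition. The sample input is the two records from the report; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: the two audit records quoted in the report above.
SAMPLE = """\
type=SELINUX_ERR msg=audit(1214650324.205:212): security_compute_sid: invalid context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214650324.205:212): arch=40000003 syscall=11 success=no exit=-13 a0=8a1da98 a1=8a2f4e8 a2=8a19c98 a3=0 items=0 ppid=11903 pid=11904 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="vpnc-script" exe="/bin/bash" subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+:\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
INVALID = re.compile(r'invalid context (\S+)')

def parse_fields(body):
    """Turn 'key=value key="quoted value"' pairs into a dict."""
    return {k: v.strip('"') for k, v in FIELD.findall(body)}

def failed_transitions(log_text):
    """Report domain transitions rejected with 'invalid context'."""
    # Records of one audit event share the same timestamp:serial ID.
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            rtype, event_id, body = m.groups()
            events[event_id][rtype] = body
    findings = []
    for event_id, recs in events.items():
        bad = INVALID.search(recs.get("SELINUX_ERR", ""))
        if not bad:
            continue
        err = parse_fields(recs["SELINUX_ERR"])
        sysc = parse_fields(recs.get("SYSCALL", ""))
        # A context is user:role:type[:level]; the role/type pair is what
        # to check against the loaded policy.
        role, setype = bad.group(1).split(":")[1:3]
        findings.append({
            "event": event_id, "role": role, "type": setype,
            "source": err.get("scontext"), "target": err.get("tcontext"),
            "tclass": err.get("tclass"),
            "comm": sysc.get("comm"), "exe": sysc.get("exe"),
            "exit": sysc.get("exit"),  # -13 is EACCES ("Permission denied")
        })
    return findings

if __name__ == "__main__":
    for finding in failed_transitions(SAMPLE):
        print(finding)
```

On the sample, the one finding ties the "Permission denied" lines from vpnc-script to a failed exec (exit=-13) of a file labeled ifconfig_exec_t, where the computed context combined role unconfined_r with type ifconfig_t.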