Bug 453360 - vpnc apparently broken by selinux policy changes
vpnc apparently broken by selinux policy changes
Status: CLOSED DUPLICATE of bug 453236
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
high Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-06-30 00:23 EDT by James Morris
Modified: 2008-06-30 16:13 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-06-30 06:33:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description James Morris 2008-06-30 00:23:40 EDT
ifup [vpnc if] silently fails, with the following recorded in the audit.log:

type=SELINUX_ERR msg=audit(1214799326.764:19): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214799326.764:19): arch=c000003e syscall=59 success=no
exit=-13 a0=1d47810 a1=1d47780 a2=1d46300 a3=3a42f67a70 items=0 ppid=3808
pid=3809 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts0 ses=1 comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)


We need to find out how this happened in the first place, and try to prevent
this kind of problem from happening again.

vpnc should also not fail silenty.
Comment 2 Jon Masters 2008-06-30 06:33:28 EDT

*** This bug has been marked as a duplicate of 453236 ***
Comment 5 Daniel Walsh 2008-06-30 15:23:05 EDT
That would be a problem.  I don't think I changed any transitions, although I
could have fixed something, that triggered another transition.
Comment 6 Jon Masters 2008-06-30 16:13:08 EDT
Yeah, we were trying to figure it out. And I still can't see how it broke!

Note You need to log in before you can comment on or make changes to this bug.