497168 – updated openswan package creating AVCs

Bug 497168 - updated openswan package creating AVCs

Summary: updated openswan package creating AVCs

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	selinux-policy
Sub Component:
Version:	5.3
Hardware:	All
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Daniel Walsh
QA Contact:	BaseOS QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-04-22 16:20 UTC by Steve Grubb
Modified:	2012-10-15 14:02 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-09-02 07:57:59 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2009:1242	0	normal	SHIPPED_LIVE	selinux-policy bug fix update	2009-09-01 08:32:34 UTC

Description Steve Grubb 2009-04-22 16:20:08 UTC

Description of problem:
the openswan program has been updated to use NSS. This changes its behavior for a couple things.

#============= ipsec_t ==============
allow ipsec_t ipsec_key_file_t:file write;
allow ipsec_t self:process getsched;
allow ipsec_t tmp_t:dir getattr;
allow ipsec_t usr_t:lnk_file read;

Comment 2 Daniel Walsh 2009-04-22 17:52:59 UTC

Fixed in selinux-policy-2.4.6-227.el5

Comment 10 errata-xmlrpc 2009-09-02 07:57:59 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1242.html

Note You need to log in before you can comment on or make changes to this bug.