Bug 537133 - Openswan FIPS-140 work blocked by AVCs
Summary: Openswan FIPS-140 work blocked by AVCs
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Version: 5.4
Hardware: All
OS: Linux
urgent
medium
Target Milestone: rc
: ---
Assignee: Daniel Walsh
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 538452
TreeView+ depends on / blocked
 
Reported: 2009-11-12 16:12 UTC by Steve Grubb
Modified: 2012-10-15 14:35 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-03-30 07:49:03 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
avcs collected (2.50 KB, text/plain)
2009-11-12 16:12 UTC, Steve Grubb
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2010:0182 0 normal SHIPPED_LIVE selinux-policy bug fix update 2010-03-29 12:19:53 UTC

Description Steve Grubb 2009-11-12 16:12:58 UTC
Created attachment 369246 [details]
avcs collected

Description of problem:
When testing openswan as part of the FIPS-140 cert, we are getting AVCs which cause the intergrity check to fail, which in turn causes pluto to not start during system boot.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.4.6-236.el5

How reproducible:
always

Steps to Reproduce:
1. setup openswan
2. boot system
3. ausearch --start recent -m avc
  
Additional info:
This is blocking the FIPS-140 cert and we will need a z-stream release for 5.4.z.

Comment 1 Daniel Walsh 2009-11-12 16:59:23 UTC
Fixed for a while in selinux-policy-2.4.6-264.el5

Preview available on http://people.redhat.com/dwalsh/SELinux/RHEL5

Comment 10 errata-xmlrpc 2010-03-30 07:49:03 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0182.html


Note You need to log in before you can comment on or make changes to this bug.