Bug 537133
| Summary: | Openswan FIPS-140 work blocked by AVCs | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Steve Grubb <sgrubb> | ||||
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||
| Status: | CLOSED ERRATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | 5.4 | CC: | dwalsh, ebenes, jplans, mmalik | ||||
| Target Milestone: | rc | Keywords: | ZStream | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2010-03-30 07:49:03 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 538452 | ||||||
| Attachments: |
|
||||||
Fixed for a while in selinux-policy-2.4.6-264.el5 Preview available on http://people.redhat.com/dwalsh/SELinux/RHEL5 An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2010-0182.html |
Created attachment 369246 [details] avcs collected Description of problem: When testing openswan as part of the FIPS-140 cert, we are getting AVCs which cause the intergrity check to fail, which in turn causes pluto to not start during system boot. Version-Release number of selected component (if applicable): selinux-policy-targeted-2.4.6-236.el5 How reproducible: always Steps to Reproduce: 1. setup openswan 2. boot system 3. ausearch --start recent -m avc Additional info: This is blocking the FIPS-140 cert and we will need a z-stream release for 5.4.z.