Description of problem: avc: denied { module_request } ... Version-Release number of selected component (if applicable): 3.6.32-41.fc12 How reproducible: try to run setkey/racoon without af_key loaded Actual results: avc, racoon says protocol not available Expected results: working ipsec Additional info: Please add kernel_request_load_module(setkey_t) to policy. Thanks.
Did you turn off ipv6?
Yes, we do: echo "install ipv6 /bin/true" >> /etc/modprobe.d/ipv6blacklist.conf echo "install sit /bin/true" >> /etc/modprobe.d/ipv6blacklist.conf echo "install tunnel4 /bin/true" >> /etc/modprobe.d/ipv6blacklist.conf echo "blacklist ipv6" > /etc/modprobe.d/ipv6blacklist.conf
*** This bug has been marked as a duplicate of bug 527936 ***
You can add these rules for now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.6.32-47.fc12.noarch
selinux-policy-3.6.32-49.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-49.fc12
selinux-policy-3.6.32-49.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12131
selinux-policy-3.6.32-49.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.