Description of problem: For some reason NetworkManager doesn't know how to connect to my university's VPN, so I need to use the openvpn configuration file supplied by the university and "service openvpn start" directly. After the connection has been formed, sealert pops up with this error message: SELinux is preventing /usr/sbin/openvpn "ipc_lock" access. node=poytakone type=AVC msg=audit(1259325223.580:19): avc: denied { ipc_lock } for pid=2469 comm="openvpn" capability=14 scontext=unconfined_u:system_r:openvpn_t:s0 tcontext=unconfined_u:system_r:openvpn_t:s0 tclass=capability node=poytakone type=AVC msg=audit(1259325223.580:19): avc: denied { ipc_lock } for pid=2469 comm="openvpn" capability=14 scontext=unconfined_u:system_r:openvpn_t:s0 tcontext=unconfined_u:system_r:openvpn_t:s0 tclass=capability node=poytakone type=SYSCALL msg=audit(1259325223.580:19): arch=c000003e syscall=151 success=no exit=-12 a0=3 a1=7fffcad1b9a0 a2=0 a3=8 items=0 ppid=2466 pid=2469 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="openvpn" exe="/usr/sbin/openvpn" subj=unconfined_u:system_r:openvpn_t:s0 key=(null) Version-Release number of selected component (if applicable): selinux-policy-3.6.32-46.fc12.noarch
You can add these rules for now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.6.32-52.fc12.noarch
selinux-policy-3.6.32-52.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-52.fc12
selinux-policy-3.6.32-52.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12549
selinux-policy-3.6.32-55.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-55.fc12
selinux-policy-3.6.32-55.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12650
selinux-policy-3.6.32-55.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
selinux-policy-3.6.32-120.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-120.fc12
selinux-policy-3.6.32-120.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.