Red Hat Bugzilla – Bug 600772
SELinux is preventing /usr/bin/openconnect "relabelfrom" access .
Last modified: 2010-06-07 07:49:25 EDT
Resúmen: SELinux is preventing /usr/bin/openconnect "relabelfrom" access . Descripción Detallada: SELinux denied access requested by openconnect. It is not expected that this access is required by openconnect and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Permitiendo Acceso: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Información Adicional: Contexto Fuente unconfined_u:system_r:vpnc_t:s0 Contexto Destino unconfined_u:system_r:vpnc_t:s0 Objetos Destino None [ tun_socket ] Fuente openconnect Dirección de Fuente /usr/bin/openconnect Puerto <Desconocido> Nombre de Equipo (eliminado) Paquetes RPM Fuentes openconnect-2.22-1.fc12 Paquetes RPM Destinos RPM de Políticas selinux-policy-3.6.32-110.fc12 SELinux Activado True Tipo de Política targeted Modo Obediente Enforcing Nombre de Plugin catchall Nombre de Equipo (eliminado) Plataforma Linux (eliminado) 2.6.32.11-99.fc12.i686.PAE #1 SMP Mon Apr 5 16:15:03 EDT 2010 i686 i686 Cantidad de Alertas 3 Visto por Primera Vez dom 02 may 2010 21:24:00 EDT Visto por Última Vez dom 02 may 2010 21:24:22 EDT ID Local 11642e2b-ee4f-444b-87b0-1ada56541645 Números de Línea Mensajes de Auditoría Crudos node=(eliminado) type=AVC msg=audit(1272849862.302:30): avc: denied { relabelfrom } for pid=2494 comm="openconnect" scontext=unconfined_u:system_r:vpnc_t:s0 tcontext=unconfined_u:system_r:vpnc_t:s0 tclass=tun_socket node=(eliminado) type=SYSCALL msg=audit(1272849862.302:30): arch=40000003 syscall=54 success=no exit=-13 a0=5 a1=400454ca a2=bfd8782c a3=5 items=0 ppid=2382 pid=2494 auid=501 uid=490 gid=0 euid=490 suid=490 fsuid=490 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="openconnect" exe="/usr/bin/openconnect" subj=unconfined_u:system_r:vpnc_t:s0 key=(null) Hash String generated from catchall,openconnect,vpnc_t,vpnc_t,tun_socket,relabelfrom audit2allow suggests: #============= vpnc_t ============== allow vpnc_t self:tun_socket relabelfrom;
This is an old avc from F12 on F13 box. Please fully update your machine yum update