Summary: SELinux is preventing /usr/libexec/nm-openvpn-service "read" access on dial.p12. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by nm-openvpn-serv. It is not expected that this access is required by nm-openvpn-serv and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:NetworkManager_t:s0 Target Context system_u:object_r:openvpn_etc_t:s0 Target Objects dial.p12 [ file ] Source nm-openvpn-serv Source Path /usr/libexec/nm-openvpn-service Port <Unknown> Host (removed) Source RPM Packages NetworkManager-openvpn-0.8.1-1.fc14 Target RPM Packages Policy RPM selinux-policy-3.9.7-4.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.35.6-45.fc14.i686.PAE #1 SMP Mon Oct 18 23:49:30 UTC 2010 i686 i686 Alert Count 14 First Seen Sun 31 Oct 2010 07:28:32 PM CET Last Seen Sun 31 Oct 2010 07:34:03 PM CET Local ID 411fcafe-d214-4d7b-99fe-fef8ec2337b6 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1288550043.98:49): avc: denied { read } for pid=2221 comm="nm-openvpn-serv" name="dial.p12" dev=sda8 ino=286206 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:openvpn_etc_t:s0 tclass=file node=(removed) type=AVC msg=audit(1288550043.98:49): avc: denied { open } for pid=2221 comm="nm-openvpn-serv" name="dial.p12" dev=sda8 ino=286206 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:openvpn_etc_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1288550043.98:49): arch=40000003 syscall=5 success=yes exit=6 a0=960cf70 a1=8000 a2=0 a3=960cf70 items=0 ppid=1001 pid=2221 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nm-openvpn-serv" exe="/usr/libexec/nm-openvpn-service" subj=system_u:system_r:NetworkManager_t:s0 key=(null) Hash String generated from catchall,nm-openvpn-serv,NetworkManager_t,openvpn_etc_t,file,read audit2allow suggests: #============= NetworkManager_t ============== allow NetworkManager_t openvpn_etc_t:file { read open };
*** Bug 648261 has been marked as a duplicate of this bug. ***
Fixed in selinux-policy-3.9.7-8.fc14
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
*** Bug 651716 has been marked as a duplicate of this bug. ***
The updated packages are available from Koji for now http://koji.fedoraproject.org/koji/buildinfo?buildID=204093
selinux-policy-3.9.7-10.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-10.fc14
selinux-policy-3.9.7-10.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-10.fc14
selinux-policy-3.9.7-10.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.