Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 453360

Summary: vpnc apparently broken by selinux policy changes
Product: [Fedora] Fedora Reporter: James Morris <jmorris>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: high    
Version: 9CC: jcm, jkubin, sds
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-06-30 10:33:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description James Morris 2008-06-30 04:23:40 UTC
ifup [vpnc if] silently fails, with the following recorded in the audit.log:


type=SELINUX_ERR msg=audit(1214799326.764:19): security_compute_sid:  invalid
context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214799326.764:19): arch=c000003e syscall=59 success=no
exit=-13 a0=1d47810 a1=1d47780 a2=1d46300 a3=3a42f67a70 items=0 ppid=3808
pid=3809 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts0 ses=1 comm="vpnc-script" exe="/bin/bash"
subj=unconfined_u:unconfined_r:vpnc_t:s0-s0:c0.c1023 key=(null)


selinux-policy-3.3.1-69.fc9.noarch
vpnc-0.5.1-5.fc9.x86_64


We need to find out how this happened in the first place, and try to prevent
this kind of problem from happening again.

vpnc should also not fail silenty.

Comment 2 Jon Masters 2008-06-30 10:33:28 UTC

*** This bug has been marked as a duplicate of 453236 ***

Comment 5 Daniel Walsh 2008-06-30 19:23:05 UTC
That would be a problem.  I don't think I changed any transitions, although I
could have fixed something, that triggered another transition.

Comment 6 Jon Masters 2008-06-30 20:13:08 UTC
Yeah, we were trying to figure it out. And I still can't see how it broke!