Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 452887 - SELinux breaks vpnc
Summary: SELinux breaks vpnc
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 9
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
: 452951 453076 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2008-06-25 16:02 UTC by Stefan Becker
Modified: 2008-06-30 08:49 UTC (History)
2 users (show)

Fixed In Version: selinux-policy-3.3.1-72.fc9.noarch
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-06-27 21:44:43 UTC

Attachments (Terms of Use)

Description Stefan Becker 2008-06-25 16:02:36 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061712 Fedora/3.0-1.fc9 Firefox/3.0

Description of problem:
I just updated to latest selinux-policy-targeted and vpnc stopped working.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. vpnc <connection> (as root)
2. Enter password

Actual Results:
/etc/vpnc/vpnc-script: line 99: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 100: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 104: /sbin/ifconfig: Permission denied
/etc/vpnc/vpnc-script: line 123: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 123: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 124: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 142: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 143: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 133: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 134: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 135: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 142: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 143: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 142: /sbin/ip: Permission denied
/etc/vpnc/vpnc-script: line 143: /sbin/ip: Permission denied
VPNC started in background (pid: 6975)...

Although the daemon is running the VPN connection does not exist

Expected Results:
Working VPN connection

Additional info:
Current vpnc version installed: vpnc-0.5.1-5.fc9.i386

vpnc works fine with "setenforce 0".

Comment 1 Daniel Walsh 2008-06-26 12:03:41 UTC
Fixed in selinux-policy-3.3.1-72.fc9.noarch

Comment 2 Bill C. Riemers 2008-06-27 05:41:23 UTC
*** Bug 453076 has been marked as a duplicate of this bug. ***

Comment 3 Bill C. Riemers 2008-06-27 05:42:12 UTC
*** Bug 452951 has been marked as a duplicate of this bug. ***

Comment 4 Bill C. Riemers 2008-06-27 05:43:59 UTC
BTW.  Do you want me to open a separate bug for the problem with audit2allow
creating bogus output?

Comment 5 Stefan Becker 2008-06-27 09:51:12 UTC
Did you maybe forget to inititate the package build?


still only shows selinux-policy-3.3.1-71.fc9 as the latest built package.

Comment 6 Bill C. Riemers 2008-06-27 13:18:20 UTC
Rawhide has selinux-policy-3.4.2-7.fc10.  Does that contain the fix?

Comment 7 Stefan Becker 2008-06-27 21:44:43 UTC
Retested with selinux-policy-3.3.1-72.fc9.noarch from koji. Works again. Thanks!

Comment 8 Daniel Walsh 2008-06-29 11:45:11 UTC
Well if selinux-policy-3.4.2-7.fc10 does not have the fix,
selinux-policy-3.4.2-8.fc10 should

Comment 9 Tim Waugh 2008-06-30 08:49:10 UTC
selinux-policy-3.3.1-72.fc9 fixes it here.

Note You need to log in before you can comment on or make changes to this bug.