View Issue Details

ID: 0015143
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2018-08-06 02:23
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:
Summary: 0015143: SELinux is preventing addconn from 'read' accesses on the file nm-l2tp-ipsec-368f32f1-7190-4957-a14d-3325c56c4a50.conf.
Description:
Description of problem:
SELinux is preventing addconn from 'read' accesses on the file nm-l2tp-ipsec-368f32f1-7190-4957-a14d-3325c56c4a50.conf.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that addconn should be allowed read access on the nm-l2tp-ipsec-368f32f1-7190-4957-a14d-3325c56c4a50.conf file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'addconn' --raw | audit2allow -M my-addconn
# semodule -i my-addconn.pp

Additional Information:
Source Context system_u:system_r:ipsec_t:s0
Target Context system_u:object_r:l2tpd_var_run_t:s0
Target Objects nm-l2tp-ipsec-368f32f1-7190-4957-a14d-
                              3325c56c4a50.conf [ file ]
Source addconn
Source Path addconn
Port <Unknown>
Host (removed)
Source RPM Packages libreswan-3.23-3.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-192.el7_5.4.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-862.3.3.el7.x86_64 #1 SMP
                              Fri Jun 15 04:15:27 UTC 2018 x86_64 x86_64
Alert Count 2
First Seen 2018-07-23 10:26:22 CEST
Last Seen 2018-07-23 10:28:40 CEST
Local ID 94486f34-d94a-4ba9-b9f8-51fc4211fffd

Raw Audit Messages
type=AVC msg=audit(1532334520.8:880): avc: denied { read } for pid=9024 comm="addconn" name="nm-l2tp-ipsec-368f32f1-7190-4957-a14d-3325c56c4a50.conf" dev="tmpfs" ino=99442 scontext=system_u:system_r:ipsec_t:s0 tcontext=system_u:object_r:l2tpd_var_run_t:s0 tclass=file

type=SYSCALL msg=audit(1532334520.8:880): arch=x86_64 syscall=open success=no exit=EACCES a0=5602f2d18050 a1=0 a2=1b6 a3=24 items=0 ppid=9023 pid=9024 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=addconn exe=/usr/libexec/ipsec/addconn subj=system_u:system_r:ipsec_t:s0 key=(null)

Hash: addconn,ipsec_t,l2tpd_var_run_t,file,read

Version-Release number of selected component:
Additional Information:
reporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-862.9.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-08-06 02:23 t3kK4m New Issue