[Openswan Users] Help Please! Pluto won't run
Paul Wouters
paul at xelerance.com
Tue Jul 8 01:55:44 EDT 2008
On Tue, 8 Jul 2008, Tomasz Grzelak wrote:
> > > Jul 6 11:37:27 monitor ipsec__plutorun: pluto: unable to create lock file
> > > "/var/run/pluto/pluto.pid" (13 Permission denied)
> > > Jul 6 11:37:27 monitor kernel: type=1400 audit(1215369447.785:9): avc:
> > > denied { write } for pid=2005 comm="pluto" name="pluto" dev=sda3
> > > ino=663686 scontext=system_u:system_r:ipsec_t:s0
> > > tcontext=system_u:object_r:ipsec_var_run_t:s0 tclass=dir
> >
> > Disable SElinux.
>
>
> hmm... for me it's strange advice...
> Wouldn't it be better to update the SE policy to support the pluto daemon? (is
> there anything I don't know about that makes it impossible to use Openswan in a
> SELinux environment?)
Yes, that would be better. Some policies were written by Red Hat. Tuomo improved
on those. But none work for KLIPS, and even on NETKEY there are problems. And
if you have custom updown scripts then you have more problems.

I am not sure where you can pull the Red Hat policies from; obviously theirs
are able to properly create lock files.
Paul