[Openswan Users] Pluto has conflict with SeLinux

OCG Technical Support support at ocg.ca
Tue Sep 16 16:42:59 EDT 2008

I'm running the latest IPSec, and I have updated all packages with Yum (on
Fedora 9 - the latest)....same problem.

Is that what you meant to update selinux policies?


-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: September 16, 2008 12:26 PM
To: Michelle Dupuis
Cc: users at openswan.org
Subject: Re: [Openswan Users] Pluto has conflict with SeLinux

On Tue, 16 Sep 2008, OCG Technical Support wrote:

> I'm trying to run IPSec on a system with SeLinux on it.  It appears that
> Pluto has a problem I can't get past (I add local policies for this AVC
> below but doesn't solve the problem):
> host=firewall.ocg.ca type=AVC msg=audit(1221407602.428:4482): avc: denied
> bind } for pid=24677 comm="pluto"
> tcontext=unconfined_u:system_r:ipsec_t:s0 tclass=netlink_xfrm_socket
> Any ideas?  Has anyone written a local policy for Pluto that works?

Try the latest rhel/fedora packages and selinux policies?

I am not sure why pluto cannot access ipsec_t or netlink_xfrm_socket.
I'm pretty sure it was able to do so in the past on RHEL/Fedora.


More information about the Users mailing list