[Openswan Users] Pluto has conflict with SeLinux
OCG Technical Support
support at ocg.ca
Tue Sep 16 16:42:59 EDT 2008

I'm running the latest IPSec, and I have updated all packages with Yum (on
Fedora 9 - the latest)....same problem.
Is that what you meant to update selinux policies?

From: Paul Wouters [mailto:paul at xelerance.com]
Sent: September 16, 2008 12:26 PM
To: Michelle Dupuis
Cc: users at openswan.org
Subject: Re: [Openswan Users] Pluto has conflict with SeLinux

On Tue, 16 Sep 2008, OCG Technical Support wrote:
> I'm trying to run IPSec on a system with SeLinux on it. It appears that
> Pluto has a problem I can't get past (I add local policies for this AVC
> below but doesn't solve the problem):
> host=firewall.ocg.ca type=AVC msg=audit(1221407602.428:4482): avc: denied
> { bind } for pid=24677 comm="pluto"
> tcontext=unconfined_u:system_r:ipsec_t:s0 tclass=netlink_xfrm_socket
> Any ideas? Has anyone written a local policy for Pluto that works?

Try the latest rhel/fedora packages and selinux policies?
I am not sure why pluto cannot access ipsec_t or netlink_xfrm_socket.
I'm pretty sure it was able to do so in the past on RHEL/Fedora.