[Openswan Users] Pluto has conflict with SELinux

Paul Wouters paul at xelerance.com
Fri Sep 19 12:57:22 EDT 2008


On Tue, 16 Sep 2008, Paul Wouters wrote:

> On Tue, 16 Sep 2008, OCG Technical Support wrote:
>
>> I'm trying to run IPsec on a system with SELinux on it.  It appears that
>> Pluto has a problem I can't get past (I add local policies for the AVC
>> below, but it doesn't solve the problem):
>>
>> host=firewall.ocg.ca type=AVC msg=audit(1221407602.428:4482): avc: denied {
>> bind } for pid=24677 comm="pluto" scontext=unconfined_u:system_r:ipsec_t:s0
>> tcontext=unconfined_u:system_r:ipsec_t:s0 tclass=netlink_xfrm_socket
>>
>> Any ideas?  Has anyone written a local policy for Pluto that works?
>
> Try the latest RHEL/Fedora packages and SELinux policies?
>
> I am not sure why pluto cannot access ipsec_t or netlink_xfrm_socket.
> I'm pretty sure it was able to do so in the past on RHEL/Fedora.

See also https://bugzilla.redhat.com/show_bug.cgi?id=443646

Paul
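
Added example, not part of the original thread: a small Python parser that decodes the AVC record quoted above and prints the type-enforcement rule it corresponds to, which is a quick way to compare a denial against what a local policy module actually contains. The function names are hypothetical, and the sample is the post's record re-joined onto one line.

```python
import re

# The denial quoted in the post, re-joined onto one line (the mail wrapped it).
SAMPLE_AVC = (
    'host=firewall.ocg.ca type=AVC msg=audit(1221407602.428:4482): avc: denied { '
    'bind } for pid=24677 comm="pluto" scontext=unconfined_u:system_r:ipsec_t:s0 '
    'tcontext=unconfined_u:system_r:ipsec_t:s0 tclass=netlink_xfrm_socket'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(ctx):
    """Return the type field of a user:role:type[:level] security context."""
    parts = ctx.split(':')
    if len(parts) < 3:
        raise ValueError(f'not a security context: {ctx!r}')
    return parts[2]


def parse_avc(line):
    """Extract permissions, process name, types and object class from a denial."""
    m = AVC_RE.search(line)
    if not m:
        raise ValueError('not an AVC denial record')
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    missing = [k for k in ('scontext', 'tcontext', 'tclass') if k not in fields]
    if missing:
        raise ValueError(f'AVC record lacks {missing}')
    return {
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        'source': context_type(fields['scontext']),
        'target': context_type(fields['tcontext']),
        'tclass': fields['tclass'],
    }


def te_rule(denial):
    """Render the allow rule the denial maps to, in .te syntax."""
    # A domain acting on an object of its own type is written as "self".
    target = 'self' if denial['source'] == denial['target'] else denial['target']
    perms = denial['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {denial['source']} {target}:{denial['tclass']} {perm_text};"


if __name__ == '__main__':
    print(te_rule(parse_avc(SAMPLE_AVC)))
```
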

