Cisco VPNClient does not work with SELinux enabled in FC4

Sunday, 28 May 2006

Hi,
     I am running on FC4 and I installed Cisco VPN client software, however when I run
vpnclient I am getting the error message :

"vpnclient: error while loading shared libraries:
/opt/cisco-vpnclient/lib/libvpnapi.so: cannot restore segment prot after reloc: Permission
denied"

 Friendly neighbourhood Paul Howarth correctly guessed it to be related to SELinux.
 I am able to run the vpnclient by  disabling the SELinux using 
 setenforce 0
  The chcon command did not work (apparently it is not supposed to work in FC4)
  I get a error message "type=AVC msg=audit(1147460693.437:11955217): avc:  denied  {
execmod } "

if I disable selinux and run the vpnclient command.
...
 Paul Howarth wrote :
 > The memory checks are present in FC4 but disabled by default. It 
 > appears
 > that they have somehow been enabled on your system. This should fix  it:
...
 > # setsebool -P allow_execmod 1

 I gave this command and it still does not work with
 SELinux. So digged a littlebit and gave the command
 # getsebool -a | less
 and I got a long output of which I took the ones that might
 make sense to you -
 allow_execmem --> active
 allow_execmod --> active
 allow_execstack --> active
 allow_kerberos --> active
 allow_write_xshm --> active
 allow_ypbind --> active
> There's something very weird going on there. allow_execmod should do
> what it says. I'd try asking about this on fedora-selinux-list, 
setsebool with execmod is not working either.
I have attached the relevant files as well. Any ideas ?
This should give you an idea of the SELinux version
...
 selinux-doc-1.19.5-1.noarch.rpm
 selinux-policy-strict-1.23.16-6.noarch.rpm
 selinux-policy-targeted-1.23.16-6.noarch.rpm 
Thanks
Newbie Yukku

---------------------------------
New Yahoo! Messenger with Voice. Call regular phones from your PC and save big.

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 19
Policy from config file:        targeted

Policy booleans:
NetworkManager_disable_trans    inactive
allow_execmem                   active
allow_execmod                   active
allow_execstack                 active
allow_kerberos                  active
allow_write_xshm                inactive
allow_ypbind                    inactive
apmd_disable_trans              inactive
arpwatch_disable_trans          inactive
auditd_disable_trans            inactive
bluetooth_disable_trans         inactive
canna_disable_trans             inactive
cardmgr_disable_trans           inactive
comsat_disable_trans            inactive
cupsd_config_disable_trans      inactive
cupsd_disable_trans             inactive
cvs_disable_trans               inactive
cyrus_disable_trans             inactive
dbskkd_disable_trans            inactive
dhcpc_disable_trans             inactive
dhcpd_disable_trans             inactive
dovecot_disable_trans           inactive
fingerd_disable_trans           inactive
ftp_home_dir                    active
ftpd_disable_trans              inactive
ftpd_is_daemon                  active
hald_disable_trans              inactive
hotplug_disable_trans           inactive
howl_disable_trans              inactive
httpd_builtin_scripting         active
httpd_can_network_connect       inactive
httpd_disable_trans             inactive
httpd_enable_cgi                active
httpd_enable_homedirs           active
httpd_ssi_exec                  active
httpd_suexec_disable_trans      inactive
httpd_tty_comm                  inactive
httpd_unified                   active
i18n_input_disable_trans        inactive
inetd_child_disable_trans       inactive
inetd_disable_trans             inactive
innd_disable_trans              inactive
kadmind_disable_trans           inactive
klogd_disable_trans             inactive
krb5kdc_disable_trans           inactive
ktalkd_disable_trans            inactive
lpd_disable_trans               inactive
mysqld_disable_trans            inactive
named_disable_trans             inactive
named_write_master_zones        inactive
nfs_export_all_ro               active
nfs_export_all_rw               active
nmbd_disable_trans              inactive
nscd_disable_trans              inactive
ntpd_disable_trans              inactive
portmap_disable_trans           inactive
postgresql_disable_trans        inactive
pppd_disable_trans              inactive
pppd_for_user                   inactive
privoxy_disable_trans           inactive
ptal_disable_trans              inactive
radiusd_disable_trans           inactive
radvd_disable_trans             inactive
read_default_t                  active
rlogind_disable_trans           inactive
rsync_disable_trans             inactive
samba_enable_home_dirs          inactive
saslauthd_disable_trans         inactive
slapd_disable_trans             inactive
smbd_disable_trans              inactive
snmpd_disable_trans             inactive
squid_connect_any               inactive
squid_disable_trans             inactive
stunnel_disable_trans           inactive
stunnel_is_daemon               inactive
syslogd_disable_trans           inactive
system_dbusd_disable_trans      inactive
telnetd_disable_trans           inactive
tftpd_disable_trans             inactive
udev_disable_trans              inactive
use_nfs_home_dirs               inactive
use_samba_home_dirs             inactive
uucpd_disable_trans             inactive
winbind_disable_trans           inactive
ypbind_disable_trans            inactive
ypserv_disable_trans            inactive
zebra_disable_trans             inactive

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004