Hi,
I am running on FC4 and I installed Cisco VPN client software, however when I run
vpnclient I am getting the error message :
"vpnclient: error while loading shared libraries:
/opt/cisco-vpnclient/lib/libvpnapi.so: cannot restore segment prot after reloc: Permission
denied"
Friendly neighbourhood Paul Howarth correctly guessed it to be related to SELinux.
I am able to run the vpnclient by disabling the SELinux using
setenforce 0
The chcon command did not work (apparently it is not supposed to work in FC4)
I get a error message "type=AVC msg=audit(1147460693.437:11955217): avc: denied {
execmod } "
if I disable selinux and run the vpnclient command.
Paul Howarth wrote :
> The memory checks are present in FC4 but disabled by default. It
> appears
> that they have somehow been enabled on your system. This should fix
it:
> # setsebool -P allow_execmod 1
I gave this command and it still does not work with
SELinux. So digged a littlebit and gave the command
# getsebool -a | less
and I got a long output of which I took the ones that might
make sense to you -
allow_execmem --> active
allow_execmod --> active
allow_execstack --> active
allow_kerberos --> active
allow_write_xshm --> active
allow_ypbind --> active
> There's something very weird going on there. allow_execmod should do
> what it says. I'd try asking about this on fedora-selinux-list,
setsebool with execmod is not working either.
I have attached the relevant files as well. Any ideas ?
This should give you an idea of the SELinux version
selinux-doc-1.19.5-1.noarch.rpm
selinux-policy-strict-1.23.16-6.noarch.rpm
selinux-policy-targeted-1.23.16-6.noarch.rpm
Thanks
Newbie Yukku
---------------------------------
New Yahoo! Messenger with Voice. Call regular phones from your PC and save big.
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 19
Policy from config file: targeted
Policy booleans:
NetworkManager_disable_trans inactive
allow_execmem active
allow_execmod active
allow_execstack active
allow_kerberos active
allow_write_xshm inactive
allow_ypbind inactive
apmd_disable_trans inactive
arpwatch_disable_trans inactive
auditd_disable_trans inactive
bluetooth_disable_trans inactive
canna_disable_trans inactive
cardmgr_disable_trans inactive
comsat_disable_trans inactive
cupsd_config_disable_trans inactive
cupsd_disable_trans inactive
cvs_disable_trans inactive
cyrus_disable_trans inactive
dbskkd_disable_trans inactive
dhcpc_disable_trans inactive
dhcpd_disable_trans inactive
dovecot_disable_trans inactive
fingerd_disable_trans inactive
ftp_home_dir active
ftpd_disable_trans inactive
ftpd_is_daemon active
hald_disable_trans inactive
hotplug_disable_trans inactive
howl_disable_trans inactive
httpd_builtin_scripting active
httpd_can_network_connect inactive
httpd_disable_trans inactive
httpd_enable_cgi active
httpd_enable_homedirs active
httpd_ssi_exec active
httpd_suexec_disable_trans inactive
httpd_tty_comm inactive
httpd_unified active
i18n_input_disable_trans inactive
inetd_child_disable_trans inactive
inetd_disable_trans inactive
innd_disable_trans inactive
kadmind_disable_trans inactive
klogd_disable_trans inactive
krb5kdc_disable_trans inactive
ktalkd_disable_trans inactive
lpd_disable_trans inactive
mysqld_disable_trans inactive
named_disable_trans inactive
named_write_master_zones inactive
nfs_export_all_ro active
nfs_export_all_rw active
nmbd_disable_trans inactive
nscd_disable_trans inactive
ntpd_disable_trans inactive
portmap_disable_trans inactive
postgresql_disable_trans inactive
pppd_disable_trans inactive
pppd_for_user inactive
privoxy_disable_trans inactive
ptal_disable_trans inactive
radiusd_disable_trans inactive
radvd_disable_trans inactive
read_default_t active
rlogind_disable_trans inactive
rsync_disable_trans inactive
samba_enable_home_dirs inactive
saslauthd_disable_trans inactive
slapd_disable_trans inactive
smbd_disable_trans inactive
snmpd_disable_trans inactive
squid_connect_any inactive
squid_disable_trans inactive
stunnel_disable_trans inactive
stunnel_is_daemon inactive
syslogd_disable_trans inactive
system_dbusd_disable_trans inactive
telnetd_disable_trans inactive
tftpd_disable_trans inactive
udev_disable_trans inactive
use_nfs_home_dirs inactive
use_samba_home_dirs inactive
uucpd_disable_trans inactive
winbind_disable_trans inactive
ypbind_disable_trans inactive
ypserv_disable_trans inactive
zebra_disable_trans inactive