Cisco VPNClient does not work with SELinux enabled in FC4

yukku yukkoooooo yukku19752000 at yahoo.com
Sun May 28 08:20:07 UTC 2006 

Hi,
     I am running on FC4 and I installed Cisco VPN client software, however when I run vpnclient I am getting the error message :
 
"vpnclient: error while loading shared libraries: /opt/cisco-vpnclient/lib/libvpnapi.so: cannot restore segment prot after reloc: Permission denied"

 Friendly neighbourhood Paul Howarth correctly guessed it to be related to SELinux.
 I am able to run the vpnclient by  disabling the SELinux using 
 setenforce 0
  The chcon command did not work (apparently it is not supposed to work in FC4)
  I get a error message "type=AVC msg=audit(1147460693.437:11955217): avc:  denied  { execmod } "
 
if I disable selinux and run the vpnclient command.
> Paul Howarth wrote :
> > The memory checks are present in FC4 but disabled by default. It 
> > appears
> > that they have somehow been enabled on your system. This should fix 
it:
> > # setsebool -P allow_execmod 1
> 
> I gave this command and it still does not work with
> SELinux. So digged a littlebit and gave the command
> # getsebool -a | less
> and I got a long output of which I took the ones that might
> make sense to you -
> allow_execmem --> active
> allow_execmod --> active
> allow_execstack --> active
> allow_kerberos --> active
> allow_write_xshm --> active
> allow_ypbind --> active
>> There's something very weird going on there. allow_execmod should do
>> what it says. I'd try asking about this on fedora-selinux-list,

setsebool with execmod is not working either.
I have attached the relevant files as well. Any ideas ?
This should give you an idea of the SELinux version
> selinux-doc-1.19.5-1.noarch.rpm
> selinux-policy-strict-1.23.16-6.noarch.rpm
> selinux-policy-targeted-1.23.16-6.noarch.rpm

Thanks
Newbie Yukku



		
---------------------------------
New Yahoo! Messenger with Voice. Call regular phones from your PC and save big.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20060528/011d1176/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: audit.log
Type: text/x-log
Size: 1070 bytes
Desc: 1329256320-audit.log
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20060528/011d1176/attachment.bin 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sestatus.txt
Url: http://lists.fedoraproject.org/pipermail/selinux/attachments/20060528/011d1176/attachment.txt

More information about the selinux mailing list