Cisco VPNClient does not work with SELinux enabled in FC4
yukku yukkoooooo
yukku19752000 at yahoo.com
Sun May 28 08:20:07 UTC 2006
Hi,
I am running on FC4 and I installed Cisco VPN client software, however when I run vpnclient I am getting the error message :
"vpnclient: error while loading shared libraries: /opt/cisco-vpnclient/lib/libvpnapi.so: cannot restore segment prot after reloc: Permission denied"
Friendly neighbourhood Paul Howarth correctly guessed it to be related to SELinux.
I am able to run the vpnclient by disabling the SELinux using
setenforce 0
The chcon command did not work (apparently it is not supposed to work in FC4)
I get a error message "type=AVC msg=audit(1147460693.437:11955217): avc: denied { execmod } "
if I disable selinux and run the vpnclient command.
> Paul Howarth wrote :
> > The memory checks are present in FC4 but disabled by default. It
> > appears
> > that they have somehow been enabled on your system. This should fix
it:
> > # setsebool -P allow_execmod 1
>
> I gave this command and it still does not work with
> SELinux. So digged a littlebit and gave the command
> # getsebool -a | less
> and I got a long output of which I took the ones that might
> make sense to you -
> allow_execmem --> active
> allow_execmod --> active
> allow_execstack --> active
> allow_kerberos --> active
> allow_write_xshm --> active
> allow_ypbind --> active
>> There's something very weird going on there. allow_execmod should do
>> what it says. I'd try asking about this on fedora-selinux-list,
setsebool with execmod is not working either.
I have attached the relevant files as well. Any ideas ?
This should give you an idea of the SELinux version
> selinux-doc-1.19.5-1.noarch.rpm
> selinux-policy-strict-1.23.16-6.noarch.rpm
> selinux-policy-targeted-1.23.16-6.noarch.rpm
Thanks
Newbie Yukku
---------------------------------
New Yahoo! Messenger with Voice. Call regular phones from your PC and save big.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20060528/011d1176/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: audit.log
Type: text/x-log
Size: 1070 bytes
Desc: 1329256320-audit.log
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20060528/011d1176/attachment.bin
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sestatus.txt
Url: http://lists.fedoraproject.org/pipermail/selinux/attachments/20060528/011d1176/attachment.txt
More information about the selinux
mailing list