Cisco VPN client does not work on FC4

Paul Howarth paul at city-fan.org
Fri May 12 18:43:08 UTC 2006


On Fri, 2006-05-12 at 11:26 -0700, yukku yukkoooooo wrote:
> Hi,
> > Try:
> > # chcon -t textrel_shlib_t /opt/cisco-vpnclient/lib/libvpnapi.so
> > Repeat for any similar error you get for different libraries.
> > This is an SELinux issue.
>     Thanks for the reply. Your diagnosis is indeed correct. But the
> fix is not working for me on FC4.
> When I tried your command on my FC4 as root, this command gave the
> error -
> # chcon -t textrel_shlib_t /opt/cisco-vpnclient/lib/libvpnapi.so 
> chcon: failed to change context
> of /opt/cisco-vpnclient/lib/libvpnapi.so to
> root :object_r:textrel_shlib_t: Invalid argument
> man or info of chcon did not give me too much info.
> So  I tried to disable SELinux using the command
> # setenforce 0
> and the vpnclient command started working !!
> I was able to logon to the network too. The problem is I don't want to
> disable SELinux, so what do you think should I fix in the above
> command to make it work in SELinux mode ?

AFAIK there is no SELinux memory protection in FC4, so this particular
problem should not happen on that distro. The VPN client may be failing
for other non-memory-checking reasons. Look in /var/log/messages
and/or /var/log/audit/audit.log for "avc:  denied" after you have run
the client in permissive mode (setenforce 0) and see what crops up.

Paul.




More information about the fedora-list mailing list