Hello, in Fedora Core 5 selinux blocks execution of the CISCO vpnclient, as well as acroread: [klaus.steinberger@noname ~]$ acroread /usr/lib/acroread/Reader/intellinux/bin/acroread: error while loading shared libraries: /usr/lib/acroread/Reader/intellinux/lib/libJP2K.so: cannot restore segment prot after reloc: Permission denied [klaus.steinberger@noname ~]$ type=AVC msg=audit(1146115808.601:23): avc: denied { execmod } for pid=3366 comm="acroread" name="libJP2K.so" dev=hda2 ino=2680495 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file type=SYSCALL msg=audit(1146115808.601:23): arch=40000003 syscall=125 success=no exit=-13 a0=2d4000 a1=aa000 a2=5 a3=bfb2dfd0 items=0 pid=3366 auid=10022 uid=10022 gid=100 euid=10022 suid=10022 fsuid=10022 egid=100 sgid=100 fsgid=100 comm="acroread" exe="/usr/lib/acroread/Reader/intellinux/bin/acroread" type=AVC_PATH msg=audit(1146115808.601:23): path="/usr/lib/acroread/Reader/intellinux/lib/libJP2K.so" [klaus.steinberger@noname ~]$ vpnclient connect lrz vpnclient: error while loading shared libraries: /opt/cisco-vpnclient/lib/libvpnapi.so: cannot restore segment prot after reloc: Permission denied [klaus.steinberger@noname ~]$ type=AVC msg=audit(1146115819.449:24): avc: denied { execmod } for pid=3437 comm="vpnclient" name="libvpnapi.so" dev=hda2 ino=2676482 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file type=SYSCALL msg=audit(1146115819.449:24): arch=40000003 syscall=125 success=no exit=-13 a0=5ce000 a1=43000 a2=5 a3=bfa87450 items=0 pid=3437 auid=10022 uid=10022 gid=100 euid=10022 suid=10022 fsuid=10022 egid=100 sgid=100 fsgid=100 comm="vpnclient" exe="/opt/cisco-vpnclient/bin/vpnclient" type=AVC_PATH msg=audit(1146115819.449:24): path="/opt/cisco-vpnclient/lib/libvpnapi.so" My system is up2date: [klaus.steinberger@noname ~]$ rpm -q selinux-policy-targeted selinux-policy-targeted-2.2.34-3.fc5 [klaus.steinberger@noname ~]$ rpm -q acroread acroread-7.0.5-2.2 [klaus.steinberger@noname ~]$ I'm currently not to familiar with selinux, so the only workaround I know is to "setenforce 0". Sincerly, Klaus -- Klaus Steinberger Maier-Leibnitz Labor Phone: (+49 89)289 14287 Am Coulombwall 6, D-85748 Garching, Germany FAX: (+49 89)289 14280 EMail: Klaus.Steinberger@xxxxxxxxxxxxxxxxxxxxxx URL: http://www.physik.uni-muenchen.de/~k2/ In a world without Walls and Fences, who needs Windows and Gates -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list