Bug ID 844281: [Portal Access] SELinux policy does not allow rewrite plugin to read certificate files.

Last Modified: Nov 07, 2022


Affected Product:
BIG-IP APM (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.1.0, 15.1.0.1

Fixed In:
16.0.0, 15.1.0.2, 15.0.1.3, 14.1.4.4

Opened: Oct 30, 2019
Severity: 3-Major

Symptoms

Java applets are not patched when accessed through APM Portal Access.

/var/log/rewrite contains error messages similar to the following:

-- notice rewrite - fm_patchers/java_patcher_engine/CryptoToolsManager.cpp:568 (0x1919ab0): CryptoToolsManager :: _ReadCA() - cannot open CA file.

/var/log/auditd/audit.log contains AVC denials for rewrite on attempts to read files under /config/filestore/.
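A log triage check for the two symptoms above, as an added example that is not part of the F5 bug record. It assumes the standard Linux audit AVC field layout; the function names, sample lines, SELinux types and the file name under /config/filestore/ are constructed for illustration.

```python
import re

# Message text as quoted in the bug record; whitespace around "::" is tolerated.
READCA_RE = re.compile(r"CryptoToolsManager\s*::\s*_ReadCA\(\)\s*-\s*cannot open CA file")
# Standard Linux audit AVC layout: avc: denied { perms } for key=value ...
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def find_readca_errors(lines):
    """Return /var/log/rewrite lines reporting the _ReadCA() failure."""
    return [ln for ln in lines if READCA_RE.search(ln)]

def parse_avc(line):
    """Parse one AVC denial into a dict, or return None for other records."""
    m = AVC_RE.search(line)
    if not line.startswith("type=AVC") or not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec

def find_rewrite_filestore_denials(lines):
    """Denials where comm is rewrite and path is under /config/filestore/.
    Records that carry only name= (no path=) are not matched."""
    recs = (parse_avc(ln) for ln in lines)
    return [r for r in recs if r and r.get("comm") == "rewrite"
            and r.get("path", "").startswith("/config/filestore/")]

def triage(rewrite_lines, audit_lines):
    """Both symptoms from the bug record must be present to flag a match."""
    errors = find_readca_errors(rewrite_lines)
    denials = find_rewrite_filestore_denials(audit_lines)
    return {"readca_errors": len(errors), "denials": denials,
            "consistent_with_bug": bool(errors and denials)}

# Constructed sample input (not captured from a device); SELinux types and
# the file name under /config/filestore/ are placeholders.
SAMPLE_REWRITE_LOG = [
    "notice rewrite - fm_patchers/java_patcher_engine/CryptoToolsManager.cpp:568 (0x1919ab0): CryptoToolsManager :: _ReadCA() - cannot open CA file.",
    "notice rewrite - constructed unrelated message",
]
SAMPLE_AUDIT_LOG = [
    'type=AVC msg=audit(1572433200.101:901): avc:  denied  { read } for  pid=4321 comm="rewrite" path="/config/filestore/EXAMPLE_DIR/example_ca.crt" dev="dm-1" ino=1001 scontext=system_u:system_r:EXAMPLE_rewrite_t:s0 tcontext=system_u:object_r:EXAMPLE_file_t:s0 tclass=file',
    'type=AVC msg=audit(1572433201.202:902): avc:  denied  { write } for  pid=4400 comm="rewrite" path="/var/tmp/example.tmp" dev="dm-2" ino=1002 scontext=system_u:system_r:EXAMPLE_rewrite_t:s0 tcontext=system_u:object_r:EXAMPLE_tmp_t:s0 tclass=file',
    'type=AVC msg=audit(1572433202.303:903): avc:  denied  { read } for  pid=4500 comm="exampled" path="/config/filestore/EXAMPLE_DIR/other.crt" dev="dm-1" ino=1003 scontext=system_u:system_r:EXAMPLE_other_t:s0 tcontext=system_u:object_r:EXAMPLE_file_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1572433200.101:901): arch=c000003e syscall=2 success=no exit=-13 comm="rewrite"',
]

if __name__ == "__main__":
    print(triage(SAMPLE_REWRITE_LOG, SAMPLE_AUDIT_LOG))
```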

Impact

Java applets cannot be patched by APM Portal Access rewriter.

Conditions

Java patching is enabled via rewrite profile and Portal Access resource.

Workaround

None.

Fix Information

Fixed an issue with SELinux policy blocking Portal Access code from reading Java Patcher certificates.

Behavior Change