Bug ID 844281: [Portal Access] SELinux policy does not allow rewrite plugin to read certificate files.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.1.0, 15.1.0.1

Fixed In:
16.0.0, 15.1.0.2, 15.0.1.3, 14.1.4.4

Opened: Oct 30, 2019

Severity: 3-Major

Symptoms

Java applets are not patched when accessed through APM Portal Access. /var/log/rewrite contains error messages similar to following: -- notice rewrite - fm_patchers/java_patcher_engine/CryptoToolsManager.cpp:568 (0x1919ab0): CryptoToolsManager :: _ReadCA() - cannot open CA file. /var/log/auditd/audit.log contains AVC denials for rewrite on attempt to read file under /config/filestore/.

Impact

Java applets cannot be patched by APM Portal Access rewriter.

Conditions

Java patching is enabled via rewrite profile and Portal Access resource.

Workaround

None.

Fix Information

Fixed an issue with SELinux policy blocking Portal Access code from reading Java Patcher certificates.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips