Bug ID 844281: [Portal Access] SELinux policy does not allow rewrite plugin to read certificate files.

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,, 15.0.0, 15.0.1,,, 15.1.0,

Fixed In:

Opened: Oct 30, 2019
Severity: 3-Major


Java applets are not patched when accessed through APM Portal Access. /var/log/rewrite contains error messages similar to following: -- notice rewrite - fm_patchers/java_patcher_engine/CryptoToolsManager.cpp:568 (0x1919ab0): CryptoToolsManager :: _ReadCA() - cannot open CA file. /var/log/auditd/audit.log contains AVC denials for rewrite on attempt to read file under /config/filestore/.


Java applets cannot be patched by APM Portal Access rewriter.


Java patching is enabled via rewrite profile and Portal Access resource.



Fix Information

Fixed an issue with SELinux policy blocking Portal Access code from reading Java Patcher certificates.

Behavior Change