[strongSwan-dev] Regression in latest version of android client

Tobias Brunner tobias at strongswan.org
Mon Nov 17 11:16:12 CET 2014


Hi Alexander,

> But there is no route and judging from log iptables rules also failed to 
> be installed.
> My test system is android 5.0 x86 emulator and 1.4.0 client works fine 
> at the same environment. So I suppose possible regression is in new code.
> I will try to investigate this problem in detail. Just reporting it first.

I get the same messages in the 5.0 x86 emulator image.  And since there
haven't been any changes to the parts of the code that deal with the
VpnService API, I also get the same exact messages with the 1.4.0 code base.

Hopefully this issue only affects the emulator image (I've no device
with 5.0 yet).  But after the 4.4 debacle I'm not really surprised that
Google (again) broke that API.

> D/ConnectivityService( 1116): Adding iface tun0 to network 102
> W/iptables( 2396): type=1400 audit(0.0:29): avc: denied { module_request 
> } for kmod="ipt_MARK" scontext=u:r:netd:s0 tcontext=u:r:kernel:s0 
> tclass=system permissive=0

Looks like it could be an SELinux issue (avc: denied).

Regards,
Tobias



More information about the Dev mailing list