Re: problem with selinux and openvpn

Roger Grosswiler wrote:
Ron Yorston wrote:
Roger Grosswiler <roger@xxxxxxxx> wrote:

Since f7, openvpn no longer runs in enforcing mode.

audit2allow brings me this:

require {
       type openvpn_t;
       type var_t;
       type openvpn_var_run_t;
       type hald_t;
       type openvpn_etc_t;
       class file write;
       class dir { write search add_name };
}

#============= hald_t ==============
allow hald_t var_t:dir write;

This looks like a labeling problem.

Try this

restorecon -R -v /var
#============= openvpn_t ==============
allow openvpn_t openvpn_etc_t:file write;

This looks like a bug in openvpn
allow openvpn_t openvpn_var_run_t:dir { write search add_name };


How can I get this in, so I get it running?

There was a thread about this on the fedora-selinux mailing list
recently which might help:

  https://www.redhat.com/archives/fedora-selinux-list/2007-June/msg00048.html

Ron


You should probably update to selinux-policy-2.6.4-13



Ron:
No, in /etc/openvpn I have the ipp.txt and another file to log and indicate the allowed
and routed subnets.

Dan:
I have that policy installed. You mean selinux-policy-2.6.4-14 perhaps? I've seen a
thread by the previously sent link, that you installed the above information in the new
policy-file.

Roger


Not quite sure what these files are, but it would be better to not have writable files in /etc. Daemons should be writing to /var/log/daemon/ or /var/run.
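
The triage applied in the replies above (a write to generic var_t read as a labeling problem, a daemon write to its own configuration type read as a daemon problem), sketched as an added example that is not part of the original thread. The type lists, permission set and category names are assumptions chosen for illustration; the sample input is the three allow rules quoted in the thread.

```python
import re

# Constructed sample: the allow rules audit2allow printed in the thread.
SAMPLE = """\
#============= hald_t ==============
allow hald_t var_t:dir write;
#============= openvpn_t ==============
allow openvpn_t openvpn_etc_t:file write;
allow openvpn_t openvpn_var_run_t:dir { write search add_name };
"""

# allow <source> <target>:<class> <perm>;   or   { perm perm ... };
RULE = re.compile(r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

# Assumption: permissions treated as "modifies the object".
WRITE_PERMS = {"write", "append", "create", "add_name", "remove_name",
               "unlink", "rename", "setattr"}
# Assumption: generic types that usually mean a file was never given a
# more specific label.
GENERIC_TYPES = {"var_t", "default_t", "file_t", "unlabeled_t"}


def parse_rules(text):
    """Return (source, target, class, perms) for every allow rule in text."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # comment headers, require { } block, blank lines
        source, target, tclass, braced, single = m.groups()
        rules.append((source, target, tclass, set((braced or single).split())))
    return rules


def triage(rule):
    """Classify a rule before deciding whether to load it as local policy."""
    source, target, tclass, perms = rule
    if not perms & WRITE_PERMS:
        return "review"       # read-only access: inspect by hand
    if target in GENERIC_TYPES:
        return "relabel"      # try restorecon before allowing anything
    if target == "etc_t" or target.endswith("_etc_t"):
        return "move-files"   # daemon writes under /etc: relocate the files
    return "policy"           # check for a newer selinux-policy package


if __name__ == "__main__":
    for r in parse_rules(SAMPLE):
        print(f"{triage(r):<11} allow {r[0]} {r[1]}:{r[2]} {sorted(r[3])}")
```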


