Re: problem with selinux and openvpn



Roger Grosswiler wrote:
Ron Yorston wrote:
Roger Grosswiler <roger@xxxxxxxx> wrote:

Since f7, openvpn no longer runs in enforcing mode.

audit2allow brings me this:

require {
       type openvpn_t;
       type var_t;
       type openvpn_var_run_t;
       type hald_t;
       type openvpn_etc_t;
       class file write;
       class dir { write search add_name };
}

#============= hald_t ==============
allow hald_t var_t:dir write;

This looks like a labeling problem.

Try this

restorecon -R -v /var
#============= openvpn_t ==============
allow openvpn_t openvpn_etc_t:file write;

This looks like a bug in openvpn
allow openvpn_t openvpn_var_run_t:dir { write search add_name };

How can I get this in, so I get it running?

There was a thread about this on the fedora-selinux mailing list
recently which might help:


You should probably update to selinux-policy-2.6.4-13

No, in /etc/openvpn I have the ipp.txt and another file to log and indicate the allowed
and routed subnets.

I have that policy installed. You mean selinux-policy-2.6.4-14 perhaps? I've seen a
thread by the previous sent link, that you installed above information in the new


Not quite sure what these files are but it would be better to not have writable files in /etc. Daemons should be writing to /var/log/daemon/ or /var/run.
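
Added example, not part of the original thread: a small triage of audit2allow rules that sorts each one by the remedy the replies above suggest, instead of loading them all as local policy. The function name triage_rules and the three verdict labels are assumptions of this example, not SELinux tooling.

```shell
#!/bin/sh
# Triage audit2allow "allow" rules before turning any of them into local policy.
# Heuristics (assumptions of this example, following the replies in the thread):
#   target type var_t (generic /var label) -> RELABEL:  fix labels with restorecon
#   write-like perms on a *_etc_t type     -> RELOCATE: move the file out of /etc
#   anything else                          -> REVIEW:   check for a policy update first
triage_rules() {
    awk '
    $1 == "allow" {
        src = $2
        split($3, tc, ":")            # "type:class" -> tc[1]=type, tc[2]=class
        tgt = tc[1]; cls = tc[2]
        perms = ""
        for (i = 4; i <= NF; i++) perms = perms " " $i
        gsub(/[{};]/, "", perms)      # drop braces and the trailing semicolon
        gsub(/^ +| +$/, "", perms)    # trim
        gsub(/ +/, " ", perms)        # collapse runs of spaces
        verdict = "REVIEW"
        if (tgt == "var_t")
            verdict = "RELABEL"
        else if (tgt ~ /_etc_t$/ && (" " perms " ") ~ / (write|append|create|unlink) /)
            verdict = "RELOCATE"
        printf "%s %s %s:%s [%s]\n", verdict, src, tgt, cls, perms
    }'
}

# Sample input: the three rules quoted in the thread above.
triage_rules <<'EOF'
#============= hald_t ==============
allow hald_t var_t:dir write;
#============= openvpn_t ==============
allow openvpn_t openvpn_etc_t:file write;
allow openvpn_t openvpn_var_run_t:dir { write search add_name };
EOF
```

On a live system the input would come from audit2allow run over the audit log; only rules left in the REVIEW bucket after relabeling and relocating files are candidates for a local module.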
