Centos 5 + RPMForge : SELinux block OpenVPN form using
Manuel Wolfshant
wolfy at nobugconsulting.ro
Sat Dec 6 11:17:02 UTC 2008
On 12/06/2008 11:05 AM, Paul Howarth wrote:
> On Fri, 5 Dec 2008 23:13:13 -0600
> "Arthur Pemberton" <pemboa at gmail.com> wrote:
>
>
>> Audit message is:
>>
>> host=moriarty type=AVC msg=audit(1228539599.507:62): avc: denied {
>> execstack } for pid=4737 comm="openvpn"
>> scontext=user_u:system_r:openvpn_t:s0 tcontext=user_u:system_r:openvpn
>> _t:s0 tclass=process
>>
>> host=moriarty type=SYSCALL msg=audit(1228539599.507:62): arch=40000003
>> syscall=125 success=no exit=-13 a0=bfd77000 a1=1000 a2=1000007
>> a3=fffff000 items=0 ppid=4727 pid=4737 auid=50
>> 0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1
>> ses=6 comm="openvpn" exe="/usr/sbin/openvpn"
>> subj=user_u:system_r:openvpn_t:s0 key=(null)
>>
>> setroubleshoot had no suggestion. This only happens when the init
>> script is used. Direct infovation of openvpn as root does not cause
>> this.
>>
>> this google search suggests that this is a fairly popular problem with
>> no published solution (that I've seen):
>> http://www.google.com/search?q=liblzo2.so.2%3A+cannot+enable+executable+stack+as+shared+object+requires%3A+Permission+denied%22&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
>>
>>
>
> Does the same problem happen if you use the lzo and openvpn from EPEL?
>
openvpn from EPEL (+ the stack off libs needed and taken from EPEL, too
) worked for me fine ever since it has been included over there. I am
using openvpn-2.1-0.29.rc15.el5.x86_64 in this very moment.
The version from rpmforge did indeed exhibit the same error as Paul has
seen (reason for the switch to EPEL, to be honest)
More information about the fedora-selinux-list
mailing list