enabling selinux
Stephen Smalley
sds at epoch.ncsc.mil
Fri Dec 10 13:03:40 UTC 2004
On Thu, 2004-12-09 at 16:54, David Hollis wrote:
> Looking into it a bit, I found that the openvpn.fc sets up the file
> contexts so that the openvpn files can be confined to an openvpn
> specific domain. Unfortunately, there isn't an openvpn domain specified
> at this point. The openvpn.fc file is essentially ignored (with a
> targeted policy anyway) since there is not an associated
> domains/program/openvpn.te file to define the domain.
>
> As far as the RPM itself goes, I don't think that there is anything
> specific that you would need to do for OpenVPN. If/when the selinux
> policies are updated to include a definition for an OpenVPN domain, the
> files should get labeled properly (either via filesystem relabeling or
> openvpn rpm upgrade/install).
openvpn domain exists in the strict policy. Domains are migrated from
strict to targeted based on demand and impact on useability, I think.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-devel-list
mailing list