enabling selinux
David Hollis
dhollis at davehollis.com
Thu Dec 9 23:15:00 UTC 2004
On Thu, 2004-12-09 at 18:10 -0500, David Hollis wrote:
>
> Doesn't drop in cleanly with the targeted policy. It also wants the
> ifconfig, which wants proc_net_t and run_init_t stuff that isn't in the
> targeted policy. I've wrapped the call to ifconfig_exec_t in an if
> ('ifconfig.te....') call so that it builds properly with the targeted
> policy. It builds, and labels the files, so that's a start! Next
> question is if it actually works :)
>
>
A quick test turns up that I need to change the line for self:capability
to:

    allow openvpn_t self:capability { net_admin setgid setuid };

to allow the daemon to switch to the nobody user.
--
David Hollis <dhollis at davehollis.com>