enabling selinux

Stephen Smalley sds at epoch.ncsc.mil
Fri Dec 10 13:03:40 UTC 2004


On Thu, 2004-12-09 at 16:54, David Hollis wrote:
> Looking into it a bit, I found that the openvpn.fc sets up the file
> contexts so that the openvpn files can be confined to an openvpn
> specific domain.  Unfortunately, there isn't an openvpn domain specified
> at this point.  The openvpn.fc file is essentially ignored (with a
> targeted policy anyway) since there is not an associated
> domains/program/openvpn.te file to define the domain.
> 
> As far as the RPM itself goes, I don't think that there is anything
> specific that you would need to do for OpenVPN.  If/when the selinux
> policies are updated to include a definition for an OpenVPN domain, the
> files should get labeled properly (either via filesystem relabeling or
> openvpn rpm upgrade/install).

openvpn domain exists in the strict policy.  Domains are migrated from
strict to targeted based on demand and impact on usability, I think.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the fedora-devel-list mailing list