problem with selinux and openvpn

Roger Grosswiler roger at gwch.net
Tue Jun 12 05:36:51 UTC 2007


> Ron Yorston wrote:
>> Roger Grosswiler <roger at gwch.net> wrote:
>>
>>> Since F7, openvpn no longer runs in enforcing mode.
>>>
>>> audit2allow brings me this:
>>>
>>> require {
>>>        type openvpn_t;
>>>        type var_t;
>>>        type openvpn_var_run_t;
>>>        type hald_t;
>>>        type openvpn_etc_t;
>>>        class file write;
>>>        class dir { write search add_name };
>>> }
>>>
>>> #============= hald_t ==============
>>> allow hald_t var_t:dir write;
>>>
> This looks like a labeling problem.
>
> Try this
>
> restorecon -R -v /var
>>> #============= openvpn_t ==============
>>> allow openvpn_t openvpn_etc_t:file write;
>>>
> This looks like a bug in openvpn
>>> allow openvpn_t openvpn_var_run_t:dir { write search add_name };
>>>
>>>
>>> How can I get this in, so I get it running?
>>>
>>
>> There was a thread about this on the fedora-selinux mailing list
>> recently which might help:
>>
>>   https://www.redhat.com/archives/fedora-selinux-list/2007-June/msg00048.html
>>
>> Ron
>>
>>
>
> You should probably update to selinux-policy-2.6.4-13
>
>
>
Ron:
No, in /etc/openvpn I have the ipp.txt and another file to log and indicate the allowed
and routed subnets.

Dan:
I have that policy installed. You mean selinux-policy-2.6.4-14 perhaps? I've seen in the
thread from the previously sent link that you installed the above information in the new
policy file.

Roger
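
An added example, not part of the original thread: a small triage pass over the audit2allow rules posted above, so each denial is sorted into the remedy the replies point at (relabel, application or config issue, policy update) before anything is allowed locally. The generic-type list, the write-permission list and the three verdict names are assumptions made for this sketch.

```python
import re

# The allow rules exactly as posted in the thread.
AUDIT2ALLOW_OUTPUT = """\
#============= hald_t ==============
allow hald_t var_t:dir write;

#============= openvpn_t ==============
allow openvpn_t openvpn_etc_t:file write;
allow openvpn_t openvpn_var_run_t:dir { write search add_name };
"""

# Assumption: catch-all types that files get when no specific label applies.
GENERIC_TYPES = {"var_t", "etc_t", "usr_t", "tmp_t", "default_t", "file_t"}
# Assumption: permissions treated as "modifies the object" for this triage.
WRITE_PERMS = {"write", "append", "add_name", "remove_name", "create",
               "unlink", "rename", "setattr"}

RULE_RE = re.compile(
    r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def parse_rules(text):
    """Return (source, target, class, perms) for every allow rule in text."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            src, tgt, cls, multi, single = m.groups()
            rules.append((src, tgt, cls, frozenset((multi or single).split())))
    return rules

def triage(rule):
    """Map one rule to a remedy; heuristics modelled on the replies above."""
    _src, tgt, _cls, perms = rule
    modifies = bool(perms & WRITE_PERMS)
    if modifies and tgt in GENERIC_TYPES:
        # Writing to a generic label suggests a mislabeled path: restorecon.
        return "relabel"
    if modifies and tgt.endswith("_etc_t"):
        # A daemon writing into its own config type: fix the app or its config.
        return "app-or-config"
    # Everything else: check for a newer selinux-policy, then a local module.
    return "policy"

def report(text=AUDIT2ALLOW_OUTPUT):
    return [(f"{s} -> {t}:{c}", triage((s, t, c, p)))
            for s, t, c, p in parse_rules(text)]

if __name__ == "__main__":
    for rule, verdict in report():
        print(f"{verdict:14} {rule}")
```

Only rules that end up as "policy" are candidates for a local module; the other two verdicts are fixed at the source rather than by widening what the domain may do.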