Bug 1134967
| Summary: | SELinux is preventing /usr/sbin/openvpn from 'write' accesses on the file . | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Mikhail <mikhail.v.gavrilov> |
| Component: | openvpn | Assignee: | Gwyn Ciesla <gwync> |
| Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 20 | CC: | davids, dominick.grift, dwalsh, gwync, huzaifas, lvrabec, mgrepl, mikhail.v.gavrilov, steve |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Unspecified | | |
| Whiteboard: | abrt_hash:b68939b732debbc20668a8b41c89f4f2e737ff4209445a4c8cb7f4953c492bda | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-11-13 10:36:40 UTC | Type: | --- |
Description
Mikhail
2014-08-28 14:18:17 UTC
Why isn't this file in /var/log/openvpn?

I see the file it tried to access was /var/log/openvpn-access.log, which keeps a status overview of all connected clients. This file is not a generic log file, but a file which openvpn updates regularly. Thus, this information cannot and should not be in /var/log/openvpn.

I've not checked F20, but in F19 I see these file contexts declared:

    /var/log/openvpn-status\.log.*    regular file    system_u:object_r:openvpn_status_t:s0
    /var/log/openvpn.*                all files       system_u:object_r:openvpn_var_log_t:s0

Based on the denial, I would recommend doing a 'restorecon -v /var/log/openvpn-status.log' first, to ensure the file context is correct.

The denial says:

    scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:openvpn_etc_t:s0 tclass=file

Which indicates that the openvpn-status.log has openvpn_etc_t instead of openvpn_status_t. It looks like the file was in /etc at one point, and mv'd to /var/log?

This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.

This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.

Closing this one as there has been no response from the reporter, and it looks like a misconfiguration (wrong SELinux label on /var/log/openvpn-status.log).
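The label check walked through in the comments above, as an added example that is not part of the bug report or of any Fedora tooling: it parses an AVC record, finds which of the two quoted file-context rules applies to the path, and compares the expected type with the type in the denial. Assumptions: the AVC line is constructed around the three fields quoted in the bug, the function names are hypothetical, and ranking rules by literal prefix length is a simplification of how libselinux orders matches.

```python
import re

# File-context rules quoted in the comment above (F19); the file-kind column is not evaluated.
FILE_CONTEXTS = [
    (r"/var/log/openvpn-status\.log.*", "regular file", "system_u:object_r:openvpn_status_t:s0"),
    (r"/var/log/openvpn.*", "all files", "system_u:object_r:openvpn_var_log_t:s0"),
]

# Constructed AVC record: only scontext, tcontext and tclass come from the bug;
# the remaining fields are filler in the usual audit.log layout.
SAMPLE_AVC = (
    'type=AVC msg=audit(0.0:0): avc:  denied  { write } for  pid=0 comm="openvpn" '
    'name="openvpn-status.log" scontext=system_u:system_r:openvpn_t:s0 '
    'tcontext=unconfined_u:object_r:openvpn_etc_t:s0 tclass=file'
)

def parse_avc(line):
    """Return the key=value fields of an AVC record plus the denied permissions."""
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    perms = re.search(r"\{([^}]*)\}", line)
    fields["perms"] = perms.group(1).split() if perms else []
    return fields

def context_type(context):
    """The type is the third field of user:role:type:level."""
    return context.split(":")[2]

def literal_prefix_len(regex):
    """Length of the pattern before its first regex metacharacter (simplified specificity)."""
    m = re.search(r"[.^$?*+|\[\](){}\\]", regex)
    return m.start() if m else len(regex)

def expected_context(path, rules=FILE_CONTEXTS):
    """Context of the most specific rule whose anchored regex matches path, else None."""
    hits = [(literal_prefix_len(rx), ctx) for rx, _kind, ctx in rules if re.fullmatch(rx, path)]
    return max(hits)[1] if hits else None

def diagnose(avc_line, path):
    """Compare the target type in the denial with the type policy expects for path."""
    avc = parse_avc(avc_line)
    ctx = expected_context(path)
    have, want = context_type(avc["tcontext"]), context_type(ctx) if ctx else None
    bad = want is not None and have != want
    return {"perms": avc["perms"], "have": have, "want": want,
            "mislabeled": bad, "fix": f"restorecon -v {path}" if bad else None}

if __name__ == "__main__":
    print(diagnose(SAMPLE_AVC, "/var/log/openvpn-status.log"))
```

On a live system, `matchpathcon` and `ls -Z` report the expected and actual contexts directly.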