Bug 1733319
Summary: | SELIinux failes to activate OpenVPN Policy | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | mock <mark> |
Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 30 | CC: | dwalsh, lvrabec, mark, mgrepl, plautrba, zpytela |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-07-29 11:17:53 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
mock
2019-07-25 17:03:58 UTC
Hi, We miss any data about the denial, so we can just suppose the key or cert files are mislabeled. To fix the labels along with the selinux policy, run this command: # /sbin/restorecon -v /etc possibly with changing the path depending on the files reported, or setup the machine to relabel all filesystems on the next reboot: # fixfiles onboot and reboot the system. If that does not help, please include the output of # ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today to display today's AVC messages. Additionally, for a custom policy module a name different to existing one needs to be used, see: # semodule -l | grep openvpn openvpn Seems using a name other than openvpn was the trick. I changed it to my-openvpn and installed the my-openvpn.pp module successfully. Thanks for the help on this. I'll keep in mind the name of the policy module should be something customized. |