Bug 243609
| Field | Value |
|---|---|
| Summary | openvpn won't run due to selinux targeted policy denials |
| Product | [Fedora] Fedora |
| Component | selinux-policy-targeted |
| Version | 7 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED CURRENTRELEASE |
| Severity | low |
| Priority | low |
| Reporter | william hanlon <whanlon> |
| Assignee | Daniel Walsh <dwalsh> |
| QA Contact | Ben Levenson <benl> |
| Fixed In Version | Current |
| Doc Type | Bug Fix |
| Last Closed | 2007-08-22 14:09:47 UTC |

Description
william hanlon
2007-06-10 18:38:46 UTC
Created attachment 156670
openvpn policy module

Added the following to selinux-policy-targeted-2.6.4-14

allow openvpn_t openvpn_var_run_t:dir { write search add_name };

Why does openvpn need to read homedir?

Created attachment 156836
selinux policy module to allow openvpn to start

(In reply to comment #2)
> Added the following to selinux-policy-targeted-2.6.4-14
>
> allow openvpn_t openvpn_var_run_t:dir { write search add_name };
>
> Why does openvpn need to read homedir?

I'm not sure. I removed that and reloaded the new module and openvpn seems to start ok. I've attached the new module.

Just looking into another OpenVPN/SELinux problem (which may just be because my
policy is out of date), and noticed this:

> Why does openvpn need to read homedir?

Is it because the OpenVPN configuration file references files (keys,
certificates, etc.) in a home directory?

(In reply to comment #5)
> Just looking into another OpenVPN/SELinux problem (which may just be because my
> policy is out of date), and noticed this:
>
> > Why does openvpn need to read homedir?
>
> Is it because the OpenVPN configuration file references files (keys,
> certificates, etc.) in a home directory?

No, all the openvpn configuration stuff was where it was supposed to be (as desired by /etc/init.d/openvpn): /etc/openvpn. I used "sudo service openvpn ..." to start/stop openvpn.

Fixes for this should be available in selinux-policy-2.6.4-28

Closing as fixes are in the current release
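
The review step discussed in this thread, as an added example that is not part of the bug report or its attachments: the script merges AVC denials into allow rules, as audit2allow does, and holds back rules on home-directory types for review instead of including them in a local module. The log lines are constructed, and user_home_dir_t / user_home_t are assumed type names, since the thread does not say which type the dropped rule targeted.

```python
import re
from collections import defaultdict

# Constructed AVC denials, not taken from the bug report or its attachments.
# user_home_dir_t is an assumed type name for the home-directory access.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1181500726.101:41): avc:  denied  { search } for  pid=2345 comm="openvpn" name="openvpn" dev=dm-0 ino=1001 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:openvpn_var_run_t:s0 tclass=dir
type=AVC msg=audit(1181500726.102:42): avc:  denied  { write add_name } for  pid=2345 comm="openvpn" name="openvpn.pid" scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:openvpn_var_run_t:s0 tclass=dir
type=AVC msg=audit(1181500726.103:43): avc:  denied  { read } for  pid=2345 comm="openvpn" name="user" dev=dm-0 ino=2002 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1181500726.103:43): arch=40000003 syscall=5 success=no exit=-13
"""

# Target types whose rules a reviewer should justify before loading (assumed names).
REVIEW_TYPES = {"user_home_dir_t", "user_home_t"}

# Pull the permission set, source type, target type and object class from one record.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)

def denials_to_rules(log_text):
    """Merge AVC denials into {(source, target, class): set(permissions)}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC records (e.g. SYSCALL) are skipped
            rules[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    return dict(rules)

def split_for_review(rules, flagged=REVIEW_TYPES):
    """Return (rules to keep, rules needing justification) as policy lines."""
    keep, review = [], []
    for (src, tgt, cls), perms in sorted(rules.items()):
        rule = f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        (review if tgt in flagged else keep).append(rule)
    return keep, review

if __name__ == "__main__":
    keep, review = split_for_review(denials_to_rules(SAMPLE_AUDIT_LOG))
    print("\n".join(keep))
    for rule in review:
        print("# REVIEW before loading:", rule)
```
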