Bug 922786

Summary: New directory for openvpn variable data /var/lib/openvpn/ request
Product: [Fedora] Fedora EPEL Reporter: Michal Bruncko <michal.bruncko>
Component: openvpnAssignee: Steven Pritchard <steve>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: el6CC: gwync, huzaifas, redhat-bugzilla, steve
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openvpn-2.4.2-2.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-05-16 13:55:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 922732    

Description Michal Bruncko 2013-03-18 13:59:06 UTC 
Description of problem:
Currently there is no default directory for variable data (needing RW access by openvpn daemon) exist within openpvn package. Currently there is only /etc/openvpn/ directory available for this purpose, but this is not omnipotent.
Reasons for standalone directory for variable data:
- can be easily used for chroot environment than /etc/openvpn/
- there are lot of different files that needs to have its own store (and not /etc/openvpn) like: persistent IP pools, per-user configuration, openvpn scripts (and all those files needs to be accessible also when the openvpn is running with chroot parameter)

In general /var/lib/openvpn can be used for those purposes (and it is also often used as I can see within various openvpn discussions/forums). 

And why I am requesting this officially? Because I am using openvpn on SELinux enabled host and by default openpvn daemon is unable to write to /var/lib/openvpn because of missing correct SELinux context. I've also open bugreport for SELinux for fixing security context for this directory and then we found that /var/lib/openvpn is not included officially within openvpn package. 

Is there any chance to include this directory within openvpn package?

thanks
Comment 1 Michal Bruncko 2013-04-15 22:05:05 UTC 
Hello
any chance to move this forward (if possible)?
many thanks
Comment 2 Piotr Dobrogost 2017-01-30 13:06:09 UTC 
This bug is marked as blocking at https://apps.fedoraproject.org/packages/openvpn/bugs

What does it block? What's the status?
Comment 3 Fedora Update System 2017-05-11 21:30:24 UTC 
openvpn-2.4.2-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c9f915d837
Comment 4 Fedora Update System 2017-05-12 19:56:25 UTC 
openvpn-2.4.2-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c9f915d837
Comment 5 Fedora Update System 2017-05-16 13:55:00 UTC 
openvpn-2.4.2-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.