Bug 982958

Summary: SELinux forbids iptables(1) calls from OpenVPN client-(dis)connect scripts
Product: [Fedora] Fedora EPEL Reporter: Miroslav Grepl <mgrepl>
Component: openvpn Assignee: Steven Pritchard <steve>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: el6 CC: dazo, dwalsh, gwync, huzaifas, mmalik, redhat-bugzilla, robert.scheck, steve
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 979432 Environment:
Last Closed: 2018-02-16 20:21:52 UTC Type: Bug
Bug Depends On: 979432    
Bug Blocks:    

Comment 1 David Sommerseth 2018-02-16 20:21:52 UTC
I believe this is a similar issue to bug #1440412.

Fixing this will require an IPC mechanism which the OpenVPN scripts can trigger and another already running script which would pick up what needs to be done and execute it on behalf of OpenVPN - but with proper privileges.

The script-hooks in OpenVPN are too limited in today's more secured Linux distributions.

*** This bug has been marked as a duplicate of bug 1440412 ***
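
The arrangement described in comment 1, sketched as an added example that is not part of this bug report or of OpenVPN: the request-validation side of a privileged helper that the confined client-(dis)connect script would contact over IPC. The JSON request format, the `10.8.0.0/24` subnet, the `OPENVPN_CLIENTS` chain and all function names are assumptions made for illustration.

```python
import ipaddress
import json

# Assumed for this sketch (none of these come from the bug report):
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")   # addresses handed to VPN clients
CHAIN = "OPENVPN_CLIENTS"                          # dedicated chain the helper may edit
ACTIONS = {"connect": "-A", "disconnect": "-D"}    # hook event -> iptables operation
MAX_REQUEST_BYTES = 256


class RejectedRequest(ValueError):
    """A request from the unprivileged hook script failed validation."""


def build_iptables_argv(raw: bytes) -> list[str]:
    """Turn one untrusted request into a fixed-shape iptables argv.

    The hook only picks an action and a client address. The chain, the
    match and the target are chosen by the privileged side, and the result
    is an argv list meant for subprocess.run(argv) with no shell involved.
    """
    if len(raw) > MAX_REQUEST_BYTES:
        raise RejectedRequest("request too large")
    try:
        req = json.loads(raw.decode("ascii"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise RejectedRequest("malformed request") from exc
    if not isinstance(req, dict) or set(req) != {"action", "client_ip"}:
        raise RejectedRequest("unexpected fields")
    action, ip_str = req["action"], req["client_ip"]
    if not isinstance(action, str) or action not in ACTIONS:
        raise RejectedRequest("unknown action")
    if not isinstance(ip_str, str):
        raise RejectedRequest("client_ip must be a string")
    try:
        ip = ipaddress.IPv4Address(ip_str)
    except ValueError as exc:
        raise RejectedRequest("client_ip is not an IPv4 address") from exc
    if ip not in VPN_SUBNET:
        raise RejectedRequest("client_ip outside VPN subnet")
    # str(ip) is the canonical dotted quad, never the caller's raw text.
    return ["iptables", ACTIONS[action], CHAIN, "-s", str(ip), "-j", "ACCEPT"]


if __name__ == "__main__":
    # Constructed sample request, as the hook script might send it.
    print(build_iptables_argv(b'{"action": "connect", "client_ip": "10.8.0.6"}'))
```

With this split, the SELinux policy for the OpenVPN domain only needs to permit the IPC connection, while the right to run iptables(1) stays with the helper's own domain.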