Description of problem: Attempted to start a VPN tunnel from the NetworkManager systray applet. This worked just fine with Fedora 19 and immediately after the upgrade to Fedora 20. After doing "yum upgrade" today and rebooting, the filsystem was relabelled, and the error started appearing. At the same time google-chrome (which is completely unrelated to openvpn) started producing similar errors, so I believe something must have broken during the upgrade: tore@sloth:~$ sudo grep 'Dec 24.*selinux' /var/log/yum.log Dec 24 08:51:33 Updated: libselinux-2.2.1-4.fc20.x86_64 Dec 24 08:51:42 Updated: libselinux-2.2.1-4.fc20.i686 Dec 24 08:52:11 Updated: libselinux-devel-2.2.1-4.fc20.x86_64 Dec 24 08:52:14 Updated: libselinux-utils-2.2.1-4.fc20.x86_64 Dec 24 08:52:14 Updated: libselinux-python-2.2.1-4.fc20.x86_64 Note: This bug happens at the same time as bug #1046299. I consider it highly likely that they are duplicates, but as the SELinux troubleshooter applet detects them as different problems, I submit both of them for completeness. SELinux is preventing /usr/sbin/openvpn from 'write' accesses on the file /home/.ecryptfs/tore/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWa1nQWjlbVg0EQqeLUkiIx7X7oFBthnp9Kg7DTilY0RgRIwg8c93nl32E--/ECRYPTFS_FNEK_ENCRYPTED.FXa1nQWjlbVg0EQqeLUkiIx7X7oFBthnp9KgKp6Jwa3Y8bFUVCZpploEK.nvKp11BNbrT5lYRe0eWm6-/ECRYPTFS_FNEK_ENCRYPTED.FWa1nQWjlbVg0EQqeLUkiIx7X7oFBthnp9KggS.z1REQSVDPCwjbWTVkbE--. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that openvpn should be allowed write access on the ECRYPTFS_FNEK_ENCRYPTED.FWa1nQWjlbVg0EQqeLUkiIx7X7oFBthnp9KggS.z1REQSVDPCwjbWTVkbE-- file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep openvpn /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:openvpn_t:s0 Target Context system_u:object_r:ecryptfs_t:s0 Target Objects /home/.ecryptfs/tore/.Private/ECRYPTFS_FNEK_ENCRYP TED.FWa1nQWjlbVg0EQqeLUkiIx7X7oFBthnp9Kg7DTilY0RgR Iwg8c93nl32E--/ECRYPTFS_FNEK_ENCRYPTED.FXa1nQWjlbV g0EQqeLUkiIx7X7oFBthnp9KgKp6Jwa3Y8bFUVCZpploEK.nvK p11BNbrT5lYRe0eWm6-/ECRYPTFS_FNEK_ENCRYPTED.FWa1nQ WjlbVg0EQqeLUkiIx7X7oFBthnp9KggS.z1REQSVDPCwjbWTVk bE-- [ file ] Source openvpn Source Path /usr/sbin/openvpn Port <Unknown> Host (removed) Source RPM Packages openvpn-2.3.2-4.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-106.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.12.5-302.fc20.x86_64 #1 SMP Tue Dec 17 20:42:32 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-12-24 12:43:15 CET Last Seen 2013-12-24 12:43:15 CET Local ID 8068676b-076c-4448-859a-2dfa56ee4d07 Raw Audit Messages type=AVC msg=audit(1387885395.547:557): avc: denied { write } for pid=2213 comm="openvpn" path="/home/.ecryptfs/tore/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWa1nQWjlbVg0EQqeLUkiIx7X7oFBthnp9Kg7DTilY0RgRIwg8c93nl32E--/ECRYPTFS_FNEK_ENCRYPTED.FXa1nQWjlbVg0EQqeLUkiIx7X7oFBthnp9KgKp6Jwa3Y8bFUVCZpploEK.nvKp11BNbrT5lYRe0eWm6-/ECRYPTFS_FNEK_ENCRYPTED.FWa1nQWjlbVg0EQqeLUkiIx7X7oFBthnp9KggS.z1REQSVDPCwjbWTVkbE--" dev="sda3" ino=595570 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:ecryptfs_t:s0 tclass=file type=SYSCALL msg=audit(1387885395.547:557): arch=x86_64 syscall=access success=yes exit=0 a0=7fff89988ef3 a1=4 a2=0 a3=0 items=0 ppid=2208 pid=2213 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=openvpn exe=/usr/sbin/openvpn subj=system_u:system_r:openvpn_t:s0 key=(null) Hash: openvpn,openvpn_t,ecryptfs_t,file,write Additional info: reporter: libreport-2.1.10 hashmarkername: setroubleshoot kernel: 3.12.5-302.fc20.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1046299 ***