Description of problem: The example config in /usr/share/docs/openvpn-2.3.2/sample-config-files/server.conf and the example config on the openvpn website have a 'status' entry that's not compatible with SELinux. However, no documentation explains this. Version-Release number of selected component (if applicable): 2.3.2-4.el7 How reproducible: Always Steps to Reproduce: 1. Install openvpn and copy example conf from either the docs or website. 2. Edit config to use valid certificates. 3. Attempt to start openvpn Actual results: Fails to start. SELinux catches attempt to write to /etc/openvpn/openvpn-status.log Expected results: openvpn should start. Additional info: SELinux expects the openvpn-status.log file to be in /var/log, which is a reasonable assumption; but, this is not documented anywhere. The example conf in /usr/share/docs/openvpn-2.3.2/sample-config-files and the openvpn website use the line 'status openvpn-status.log' and there is nothing to suggest that this shouldn't be the line to use. However, as the systemd unit in the openvpn package start the server with '--cd /etc/openvpn' then it tries to write the status to this location, which is not allowed by SELinux. Would it not be a good idea to place a working sample conf in /etc/openvpn which is well documented? Maybe also include the fact that openvpn uses instantiated units and the conf file name should be the same as the systemd unit's instance identifier.
EPEL 7 entered end-of-life (EOL) status on 2024-06-30.\n\nEPEL 7 is no longer maintained, which means that it\nwill not receive any further security or bug fix updates.\n As a result we are closing this bug.