Bug 199069 - Openvpn won't work with setenforce 1
Openvpn won't work with setenforce 1
Status: CLOSED DUPLICATE of bug 187305
Product: Fedora
Classification: Fedora
Component: openvpn (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Steven Pritchard
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-07-16 18:36 EDT by Andreas Thienemann
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-07-17 14:42:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andreas Thienemann 2006-07-16 18:36:25 EDT
setting selinux to be enforced, openvpn subsequently fails to startup:

type=AVC msg=audit(1153071923.115:352): avc:  denied  { search } for  pid=22678
comm="openvpn" name="tun0" dev=sysfs ino=112568
scontext=root:system_r:openvpn_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
type=AVC msg=audit(1153073406.417:7): avc:  denied  { use } for  pid=1629
comm="openvpn" name="console" dev=tmpfs ino=745
scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:system_r:init_t:s0
tclass=fd
type=AVC msg=audit(1153073406.417:7): avc:  denied  { use } for  pid=1629
comm="openvpn" name="console" dev=tmpfs ino=745
scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:system_r:init_t:s0
tclass=fd
type=AVC msg=audit(1153073406.417:7): avc:  denied  { use } for  pid=1629
comm="openvpn" name="console" dev=tmpfs ino=745
scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:system_r:init_t:s0
tclass=fd
type=SYSCALL msg=audit(1153073406.417:7): arch=40000003 syscall=11 success=yes
exit=0 a0=84bb478 a1=84ce858 a2=84ced10 a3=84c2ec0 items=2 pid=1629
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="openvpn" exe="/usr/sbin/openvpn"
subj=system_u:system_r:openvpn_t:s0
type=AVC_PATH msg=audit(1153073406.417:7):  path="/dev/console"
type=AVC_PATH msg=audit(1153073406.417:7):  path="/dev/console"
type=AVC_PATH msg=audit(1153073406.417:7):  path="/dev/console"
type=CWD msg=audit(1153073406.417:7):  cwd="/etc/openvpn"
type=PATH msg=audit(1153073406.417:7): item=0 name="/usr/sbin/openvpn"
inode=4364840 dev=09:02 mode=0100755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:openvpn_exec_t:s0
type=PATH msg=audit(1153073406.417:7): item=1 name=(null) inode=262150 dev=09:02
mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=AVC msg=audit(1153073406.925:8): avc:  denied  { search } for  pid=1629
comm="openvpn" scontext=system_u:system_r:openvpn_t:s0
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1153073406.925:8): arch=40000003 syscall=149 success=no
exit=-1 a0=bfae3af0 a1=4ccff4 a2=4d0340 a3=bfae3ae8 items=0 pid=1629
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="openvpn" exe="/usr/sbin/openvpn"
subj=system_u:system_r:openvpn_t:s0
type=AVC msg=audit(1153073406.925:9): avc:  denied  { search } for  pid=1629
comm="openvpn" name="kernel" dev=proc ino=-268435417
scontext=system_u:system_r:openvpn_t:s0
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1153073406.925:9): arch=40000003 syscall=5 success=no
exit=-13 a0=9223c0 a1=0 a2=0 a3=b7f328cc items=1 pid=1629 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="openvpn"
exe="/usr/sbin/openvpn" subj=system_u:system_r:openvpn_t:s0
type=CWD msg=audit(1153073406.925:9):  cwd="/etc/openvpn"
type=PATH msg=audit(1153073406.925:9): item=0 name="/proc/sys/kernel/version"
obj=system_u:object_r:lib_t:s0
Comment 1 Steven Pritchard 2006-07-17 14:42:02 EDT

*** This bug has been marked as a duplicate of 187305 ***

Note You need to log in before you can comment on or make changes to this bug.