Bug 221575 - policy for openvpn does not allow use of TCP support
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 6
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2007-01-05 06:16 EST by Tom Hughes
Modified: 2007-11-30 17:11 EST (History)
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2007-08-22 10:12:21 EDT
Description Tom Hughes 2007-01-05 06:16:10 EST
Description of problem:

OpenVPN can be used with both UDP ports (default and preferred) and TCP ports but
the targeted selinux policy only allows the use of UDP ports.

Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.4.6-13.fc6

How reproducible:

Perfectly.

Steps to Reproduce:
1. Set up an OpenVPN service using TCP, start it, and watch the AVCs.
Actual results:

AVCs.

Expected results:

No AVCs.

Additional info:

Adding these extra policy rules fixed it for me:

allow openvpn_t self:capability net_bind_service;
allow openvpn_t self:tcp_socket { listen accept };
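
Added example, not part of the original report or of the selinux-policy project: a small parser that turns AVC denial records for one domain into candidate allow rules, showing how denials like those described above map to the two rules in the report. The audit lines are constructed samples (the report does not include the actual AVCs), and the function names are hypothetical.

```python
import re

# Constructed sample audit records; not taken from the bug report.
SAMPLE_AVCS = """\
type=AVC msg=audit(1167995770.101:41): avc:  denied  { net_bind_service } for  pid=2301 comm="openvpn" capability=10 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:system_r:openvpn_t:s0 tclass=capability
type=AVC msg=audit(1167995770.105:42): avc:  denied  { listen } for  pid=2301 comm="openvpn" lport=443 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:system_r:openvpn_t:s0 tclass=tcp_socket
type=AVC msg=audit(1167995771.220:43): avc:  denied  { accept } for  pid=2301 comm="openvpn" lport=443 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:system_r:openvpn_t:s0 tclass=tcp_socket
type=AVC msg=audit(1167995775.330:44): avc:  denied  { listen } for  pid=2410 comm="openvpn" lport=443 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:system_r:openvpn_t:s0 tclass=tcp_socket
type=AVC msg=audit(1167995780.002:45): avc:  denied  { name_connect } for  pid=900 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def denials_to_rules(log_text, domain):
    """Group denials whose source type is `domain` into allow rules."""
    rules = {}  # (target, class) -> permissions in first-seen order
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or selinux_type(m["scon"]) != domain:
            continue  # not a denial, or a denial for another domain
        tgt = selinux_type(m["tcon"])
        target = "self" if tgt == domain else tgt
        perms = rules.setdefault((target, m["tclass"]), [])
        for p in m["perms"].split():
            if p not in perms:  # repeated denials collapse into one rule
                perms.append(p)
    out = []
    for (target, tclass), perms in rules.items():
        perm_s = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        out.append(f"allow {domain} {target}:{tclass} {perm_s};")
    return out

if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_AVCS, "openvpn_t"):
        print(rule)
```

Restricting the output to a single source domain keeps unrelated denials in the same log from being pulled into the proposed policy change, so each generated rule can be reviewed against what the service is actually expected to do.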
Comment 1 Daniel Walsh 2007-01-05 13:29:02 EST
Fixed in selinux-policy-2.4.6-23
Comment 2 Daniel Walsh 2007-08-22 10:12:21 EDT
Fixed in current release
