This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 417101 - SELinux doesn't allow openvpn to chroot
SELinux doesn't allow openvpn to chroot
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
8
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-12-09 05:23 EST by Ron Yorston
Modified: 2008-01-30 14:05 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-30 14:05:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
sealert output (1.81 KB, application/octet-stream)
2007-12-09 05:23 EST, Ron Yorston
no flags Details

  None (edit)
Description Ron Yorston 2007-12-09 05:23:00 EST
Description of problem:

OpenVPN has a configuration option to allow the server to run in a chroot
jail.  SELinux prevents this.


Version-Release number of selected component (if applicable):

3.0.8-62


How reproducible:

Always


Steps to Reproduce:
1.  Set up OpenVPN with the 'chroot' option in its config file.
2.  Attempt to start OpenVPN with 'service openvpn start'.
3.  The command appears to succeed, but OpenVPN isn't running.
Comment 1 Ron Yorston 2007-12-09 05:23:00 EST
Created attachment 282191 [details]
sealert output
Comment 2 Daniel Walsh 2007-12-10 09:37:42 EST
You can allow this for now by executing 

# audit2allow -M mypol -i /var/log/audit/audit.log 
# semodule -i mypol.pp

Fixed in selinux-policy-3.0.8-68.fc8
Comment 3 Daniel Walsh 2008-01-30 14:05:23 EST
Bulk closing a old selinux policy bugs that were in the modified state.  If the
bug is still not fixed.  Please reopen.

Note You need to log in before you can comment on or make changes to this bug.