Description of problem:
OpenVPN servers sometimes listen on port 443, to allow clients to connect through an HTTP proxy. The targeted SELinux policy in Fedora 8 prevents the OpenVPN client from connecting to this port. SELinux also prevents the client from running an "up" script placed in /etc/openvpn.

Version-Release number of selected component (if applicable):
openvpn-2.1-0.19.rc4.fc7
selinux-policy-targeted-3.0.8-69.fc8

How reproducible:
always

Steps to Reproduce:
1. Set up an OpenVPN server listening on port 443.
2. Configure your OpenVPN client on F8 to access this server.
3. Add the following in /etc/openvpn/client.conf:
   up /etc/openvpn/up.sh
4. Create the up.sh script, for example to do routing configuration.

Actual results:
No OpenVPN connection is established.

Expected results:
The client should be able to connect to port 443.

Additional info:
I'll attach the AVC denied messages, and a SELinux module generated with audit2allow which fixes the two problems.
Created attachment 290570: AVC denied messages
Created attachment 290571: policy generated with audit2allow
Hello - This bug was filed against an incorrect component. Reassigning to selinux-policy.
You can allow this for now by executing

# audit2allow -M mypol -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.0.8-74.fc8
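Added example, not part of the original bug report or of the selinux-policy project: audit2allow run over the whole audit.log turns every denial in that file into an allow rule, so this sketch summarizes the denials per source domain to show what a module limited to openvpn_t would contain compared with one built from the full log. The log lines are constructed samples in audit.log AVC format (the bug's attachment is not reproduced here), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records (assumption: not the contents of attachment 290570).
SAMPLE_LOG = """\
type=AVC msg=audit(1199145600.101:41): avc:  denied  { name_connect } for  pid=2301 comm="openvpn" dest=443 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1199145601.202:42): avc:  denied  { execute } for  pid=2305 comm="openvpn" name="up.sh" dev=dm-0 ino=12345 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:openvpn_etc_t:s0 tclass=file
type=AVC msg=audit(1199145601.203:43): avc:  denied  { execute_no_trans } for  pid=2305 comm="openvpn" name="up.sh" dev=dm-0 ino=12345 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:openvpn_etc_t:s0 tclass=file
type=AVC msg=audit(1199145700.300:50): avc:  denied  { read } for  pid=2400 comm="httpd" name="shadow" dev=dm-0 ino=777 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=USER_AUTH msg=audit(1199145800.000:60): user pid=2500 uid=0 msg='op=PAM:authentication acct="root"'
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)")

def ctx_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def summarize(log_text, source_type=None):
    """Group denied permissions by (source type, target type, class).
    With source_type set, denials from every other domain are ignored."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        src = ctx_type(m["s"])
        if source_type and src != source_type:
            continue
        rules[(src, ctx_type(m["t"]), m["cls"])].update(m["perms"].split())
    return rules

def render(rules):
    """Format the grouped denials as allow rules for review."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {body};")
    return out

if __name__ == "__main__":
    print("\n".join(render(summarize(SAMPLE_LOG, "openvpn_t"))))
```

On the sample, the unfiltered summary also contains a rule letting httpd_t read shadow_t files, which is the kind of unrelated denial worth catching in mypol.te before loading mypol.pp.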
Bugs have been in modified for over one month. Closing as fixed in current release; please reopen if the problem still persists.