Description of problem:
SELinux prevents openvpn to set its process priority when the nice parameter is used.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. add 'nice -7' to the openvpn server config
2. start openvpn
WARNING: nice -7 failed: Operation not permitted
nice -7 succeeded
allow2audit tells me the following is required (and in fact makes things work):
module invocaopenvpn 1.0;
class capability sys_nice;
class process setsched;
#============= openvpn_t ==============
allow openvpn_t self:capability sys_nice;
allow openvpn_t self:process setsched;
Fixed in selinux-policy-3.7.19-107.el6
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.