Detailed Description:

SELinux denied access requested by openvpn. It is not expected that this access is required by openvpn and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                root:system_r:openvpn_t
Target Context                root:system_r:openvpn_t
Target Objects                None [ capability ]
Source                        openvpn
Source Path                   /usr/sbin/openvpn
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           openvpn-2.1.4-1.el5
Target RPM Packages
Policy RPM                    selinux-policy-2.4.6-324.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.18-303.el5 #1 SMP Tue Jan 3 16:41:59 EST 2012 i686 i686
Alert Count                   1
First Seen                    Fri Jan 13 16:16:29 2012
Last Seen                     Fri Jan 13 16:16:29 2012
Local ID                      8ea13e50-848d-4770-8338-59fc9ceabf8d
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1326467789.861:77): avc: denied { sys_nice } for pid=7007 comm="openvpn" capability=23 scontext=root:system_r:openvpn_t:s0 tcontext=root:system_r:openvpn_t:s0 tclass=capability

host=localhost.localdomain type=SYSCALL msg=audit(1326467789.861:77): arch=40000003 syscall=97 success=no exit=-13 a0=0 a1=0 a2=fffffff9 a3=ffffffb8 items=0 ppid=7006 pid=7007 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="openvpn" exe="/usr/sbin/openvpn" subj=root:system_r:openvpn_t:s0 key=(null)
We have this in RHEL6.
Fixed in selinux-policy-2.4.6-326.el5
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0158.html