Description of problem:
Currently there is no default directory for variable data (needing RW access by openvpn daemon) exist within openpvn package. Currently there is only /etc/openvpn/ directory available for this purpose, but this is not omnipotent.
Reasons for standalone directory for variable data:
- can be easily used for chroot environment than /etc/openvpn/
- there are lot of different files that needs to have its own store (and not /etc/openvpn) like: persistent IP pools, per-user configuration, openvpn scripts (and all those files needs to be accessible also when the openvpn is running with chroot parameter)
In general /var/lib/openvpn can be used for those purposes (and it is also often used as I can see within various openvpn discussions/forums).
And why I am requesting this officially? Because I am using openvpn on SELinux enabled host and by default openpvn daemon is unable to write to /var/lib/openvpn because of missing correct SELinux context. I've also open bugreport for SELinux for fixing security context for this directory and then we found that /var/lib/openvpn is not included officially within openvpn package.
Is there any chance to include this directory within openvpn package?
any chance to move this forward (if possible)?
This bug is marked as blocking at https://apps.fedoraproject.org/packages/openvpn/bugs
What does it block? What's the status?
openvpn-2.4.2-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c9f915d837
openvpn-2.4.2-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c9f915d837
openvpn-2.4.2-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.