922786 – New directory for openvpn variable data /var/lib/openvpn/ request

Bug 922786 - New directory for openvpn variable data /var/lib/openvpn/ request

Summary: New directory for openvpn variable data /var/lib/openvpn/ request

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	openvpn
Sub Component:
Version:	el6
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	low
Target Milestone:	---
Assignee:	Steven Pritchard
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	922732
TreeView+	depends on / blocked

Reported:	2013-03-18 13:59 UTC by Michal Bruncko
Modified:	2017-05-16 13:55 UTC (History)
CC List:	4 users (show)
Fixed In Version:	openvpn-2.4.2-2.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-05-16 13:55:00 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Michal Bruncko 2013-03-18 13:59:06 UTC

Description of problem:
Currently there is no default directory for variable data (needing RW access by openvpn daemon) exist within openpvn package. Currently there is only /etc/openvpn/ directory available for this purpose, but this is not omnipotent.
Reasons for standalone directory for variable data:
- can be easily used for chroot environment than /etc/openvpn/
- there are lot of different files that needs to have its own store (and not /etc/openvpn) like: persistent IP pools, per-user configuration, openvpn scripts (and all those files needs to be accessible also when the openvpn is running with chroot parameter)

In general /var/lib/openvpn can be used for those purposes (and it is also often used as I can see within various openvpn discussions/forums). 

And why I am requesting this officially? Because I am using openvpn on SELinux enabled host and by default openpvn daemon is unable to write to /var/lib/openvpn because of missing correct SELinux context. I've also open bugreport for SELinux for fixing security context for this directory and then we found that /var/lib/openvpn is not included officially within openvpn package. 

Is there any chance to include this directory within openvpn package?

thanks

Comment 1 Michal Bruncko 2013-04-15 22:05:05 UTC

Hello
any chance to move this forward (if possible)?
many thanks

Comment 2 Piotr Dobrogost 2017-01-30 13:06:09 UTC

This bug is marked as blocking at https://apps.fedoraproject.org/packages/openvpn/bugs

What does it block? What's the status?

Comment 3 Fedora Update System 2017-05-11 21:30:24 UTC

openvpn-2.4.2-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c9f915d837

Comment 4 Fedora Update System 2017-05-12 19:56:25 UTC

openvpn-2.4.2-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c9f915d837

Comment 5 Fedora Update System 2017-05-16 13:55:00 UTC

openvpn-2.4.2-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.