Description of problem:
Imported a .ovpn openvpn config file using the NetworkManager wizard. The files seem not to be receiving the right file context by default.

SELinux is preventing /usr/sbin/openvpn from 'read' accesses on the file 62.225.178.78.user.key.

***** Plugin file (36.8 confidence) suggests *******************************

If sie denken, dies durch ein falsch gekennzeichnetes Gerät verursacht wurde.
Then sie müssen erneut eine vollständige Markierung durchführen.
Do
touch /.autorelabel; reboot

***** Plugin catchall_labels (23.2 confidence) suggests ********************

If you want to allow openvpn to have read access on the 62.225.178.78.user.key file
Then sie müssen das Label auf 62.225.178.78.user.key ändern
Do
# semanage fcontext -a -t FILE_TYPE '62.225.178.78.user.key'
wobei FILE_TYPE einer der folgenen Werte ist:
Führen Sie danach Folgendes aus:
restorecon -v '62.225.178.78.user.key'

***** Plugin catchall (5.04 confidence) suggests ***************************

If sie denken, dass es openvpn standardmässig erlaubt sein sollte, read Zugriff auf 62.225.178.78.user.key file zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen:
# grep openvpn /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:openvpn_t:s0
Target Context                unconfined_u:object_r:file_t:s0
Target Objects                62.225.178.78.user.key [ file ]
Source                        openvpn
Source Path                   /usr/sbin/openvpn
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           openvpn-2.3.1-2.fc18.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.11.1-97.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.9.4-200.fc18.x86_64 #1 SMP Fri May 24 20:10:49 UTC 2013 x86_64 x86_64
Alert Count                   3
First Seen                    2013-06-11 14:00:29 CEST
Last Seen                     2013-06-11 14:00:29 CEST
Local ID                      7dfb147c-6c21-4447-898f-5a0d15b0c537

Raw Audit Messages
type=AVC msg=audit(1370952029.481:3272): avc: denied { read } for pid=18088 comm="openvpn" name="62.225.178.78.user.key" dev="dm-0" ino=389553 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:file_t:s0 tclass=file

type=SYSCALL msg=audit(1370952029.481:3272): arch=x86_64 syscall=access success=no exit=EACCES a0=7fff13cfbef7 a1=4 a2=0 a3=4000 items=0 ppid=18084 pid=18088 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=openvpn exe=/usr/sbin/openvpn subj=system_u:system_r:openvpn_t:s0 key=(null)

Hash: openvpn,openvpn_t,file_t,file,read

audit2allow

#============= openvpn_t ==============
allow openvpn_t file_t:file read;

audit2allow -R

require {
	type openvpn_t;
}

#============= openvpn_t ==============
files_read_isid_type_files(openvpn_t)

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.4-200.fc18.x86_64
type:           libreport

Where is 62.225.178.78.user.key located? You will need to run restorecon on this key.
*** This bug has been marked as a duplicate of bug 973162 ***