Bug 982958 - SELinux forbids iptables(1) calls from OpenVPN client-(dis)connect scripts
Keywords:
Status: CLOSED DUPLICATE of bug 1440412
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: openvpn
Version: el6
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Steven Pritchard
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 979432
Blocks:
 
Reported: 2013-07-10 08:27 UTC by Miroslav Grepl
Modified: 2018-02-16 20:21 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 979432
Environment:
Last Closed: 2018-02-16 20:21:52 UTC
Type: Bug
Embargoed:



Comment 1 David Sommerseth 2018-02-16 20:21:52 UTC
I believe this is a similar issue to bug #1440412.

Fixing this will require an IPC mechanism which the OpenVPN scripts can trigger and another already running script which would pick up what needs to be done and execute it on behalf of OpenVPN - but with proper privileges.

The script-hooks in OpenVPN are too limited in today's more secured Linux distributions.

*** This bug has been marked as a duplicate of bug 1440412 ***
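
A sketch of the privileged side of the IPC design described in Comment 1, added here as an illustration; it is not code from OpenVPN, the commenter or this bug report. The chain name, VPN subnet and JSON request format are hypothetical, and a socketpair stands in for the Unix socket the client-connect script would use.

```python
import ipaddress
import json
import socket

# Assumptions (not from the bug report): chain name, VPN subnet and the
# JSON request format are hypothetical choices for this sketch.
CHAIN = "VPN_CLIENTS"
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
ACTIONS = {"connect": "-A", "disconnect": "-D"}

def build_command(raw):
    """Turn an untrusted request into a fixed iptables argv, or raise ValueError."""
    try:
        req = json.loads(raw.decode("ascii"))
        flag = ACTIONS[req["action"]]
        addr = ipaddress.ip_address(req["ip"])
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError(f"rejected request: {exc!r}") from None
    if addr not in VPN_NET:
        raise ValueError(f"rejected request: {addr} outside {VPN_NET}")
    # Only an allowlisted flag and the parsed address reach the argv;
    # no request text is ever handed to a shell.
    return ["iptables", flag, CHAIN, "-s", str(addr), "-j", "ACCEPT"]

def serve_one(conn, run):
    """Privileged side: read one request, validate it, run the argv, reply."""
    try:
        # In a real helper `run` would be e.g.
        # lambda argv: subprocess.run(argv, check=True)
        run(build_command(conn.recv(512)))
        reply = b"OK\n"
    except ValueError:
        reply = b"DENY\n"
    conn.sendall(reply)
    return reply

def demo():
    """Constructed exchange: one valid request and two that must be refused."""
    executed, replies = [], []
    for msg in (b'{"action":"connect","ip":"10.8.0.6"}',
                b'{"action":"connect","ip":"10.8.0.6; reboot"}',
                b'{"action":"flush","ip":"10.8.0.6"}'):
        script_side, helper_side = socket.socketpair()
        with script_side, helper_side:
            script_side.sendall(msg)
            serve_one(helper_side, executed.append)
            replies.append(script_side.recv(16))
    return replies, executed
```

With this split the OpenVPN hook only needs permission to write to a socket, while the helper, running with the privileges needed for iptables, decides what is actually executed.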

