Created attachment 776478 [details] grep gnome-control-c /var/log/audit/audit.log When setting up a new openvpn connection via gnome-control-c, there is a drop-down list to choose the cipher to use for the connection (eg, AES-256-CBC). However, this list is completely empty and you cannot change from the default. gnome-control-c executes /usr/sbin/openvpn to get a list of available ciphers, but SELinux is preventing this. Version-Release number of selected component (if applicable): - selinux-policy-3.12.1-65.fc19
If you add a local policy, does it work then? # grep openvpn /var/log/audit/audit.log |audit2allow -M mypol # semodule -i mypol.pp
Yeah, I added a local policy (created from the AVCs I attached above) and it works. The policy.te looks like this: module local-gnome-control-c 1.0; require { type staff_t; type openvpn_exec_t; class file { read execute open execute_no_trans }; } #============= staff_t ============== allow staff_t openvpn_exec_t:file { read execute open execute_no_trans };
Added fixes. Thank you for testing.
selinux-policy-3.12.1-66.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-66.fc19
Package selinux-policy-3.12.1-66.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-66.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-13543/selinux-policy-3.12.1-66.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-66.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.