problem with selinux and openvpn

Daniel J Walsh dwalsh at redhat.com
Mon Jun 11 17:55:02 UTC 2007


Ron Yorston wrote:
> Roger Grosswiler <roger at gwch.net> wrote:
>   
>> Since f7, openvpn no longer runs in enforcing mode.
>>
>> audit2allow brings me this:
>>
>> require {
>>        type openvpn_t;
>>        type var_t;
>>        type openvpn_var_run_t;
>>        type hald_t;
>>        type openvpn_etc_t;
>>        class file write;
>>        class dir { write search add_name };
>> }
>>
>> #============= hald_t ==============
>> allow hald_t var_t:dir write;
>>     

This looks like a labeling problem.

Try this:

restorecon -R -v /var

>> #============= openvpn_t ==============
>> allow openvpn_t openvpn_etc_t:file write;
>>     

This looks like a bug in openvpn.

>> allow openvpn_t openvpn_var_run_t:dir { write search add_name };
>>
>>
>> How can I get this in, so I get it running?
>>     
>
> There was a thread about this on the fedora-selinux mailing list
> recently which might help:
>
>   https://www.redhat.com/archives/fedora-selinux-list/2007-June/msg00048.html
>
> Ron
>
>   

You should probably update to selinux-policy-2.6.4-13
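
Added example, not part of the original thread: a small triage script that sorts the audit2allow rules quoted above into the three outcomes the reply gives (relabel, application bug, policy update) instead of loading them as-is. The list of generic types, the `_etc_t` heuristic and all function names are assumptions made for illustration.

```python
import re

# Constructed input: the allow rules from the audit2allow output quoted above.
AUDIT2ALLOW_RULES = """\
allow hald_t var_t:dir write;
allow openvpn_t openvpn_etc_t:file write;
allow openvpn_t openvpn_var_run_t:dir { write search add_name };
"""

# Assumption: generic parent types that usually mean a file lost its specific label.
GENERIC_TYPES = {"var_t", "etc_t", "usr_t", "tmp_t", "default_t", "file_t", "unlabeled_t"}
# Permissions that modify the target object.
WRITE_PERMS = {"write", "append", "add_name", "remove_name", "create", "unlink"}

RULE_RE = re.compile(
    r"^allow\s+(?P<src>\w+)\s+(?P<tgt>\w+):(?P<cls>\w+)\s+"
    r"(?:\{(?P<many>[^}]*)\}|(?P<one>\w+))\s*;$"
)

def parse_rules(text):
    """Return (source, target, class, perms) for every allow rule in the text."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # skip require blocks, comments and blank lines
        perms = set((m.group("many") or m.group("one")).split())
        rules.append((m.group("src"), m.group("tgt"), m.group("cls"), perms))
    return rules

def triage(rule):
    """Classify one rule following the reasoning in the reply above."""
    _src, tgt, _cls, perms = rule
    if tgt in GENERIC_TYPES and perms & WRITE_PERMS:
        return "relabel"   # fix labels first, e.g. restorecon -R -v /var, then retest
    if tgt.endswith("_etc_t") and perms & WRITE_PERMS:
        return "app-bug"   # daemon writing to its own config files
    return "policy"        # check for a newer selinux-policy before adding a local rule

def report(text):
    """Return (rule summary, verdict) pairs for all allow rules in the text."""
    return [(f"{s} -> {t}:{c}", triage((s, t, c, p))) for s, t, c, p in parse_rules(text)]

if __name__ == "__main__":
    for rule, verdict in report(AUDIT2ALLOW_RULES):
        print(f"{verdict:8} {rule}")
```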



