openvpn on fedora 7
- From: Matthew Gillen <matt gillens us>
- To: fedora-selinux-list redhat com
- Subject: openvpn on fedora 7
- Date: Thu, 07 Jun 2007 13:22:05 -0400
I had to add the following module before openvpn would work. The first issue
was that openvpn didn't have permission to write a .pid file to
/var/run/openvpn. The other problem seemed to be that a TCP socket could not
be created (the name_connect part).
The dac_override is something that I don't get. Why would openvpn need that?
Unix permissions problems?
Here's the additional policy:
-----------------------------
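# Module declaration required by checkmodule; the name "localopenvpn" is a placeholder.
module localopenvpn 1.0;

require {
    type openvpn_t;
    type openvpn_port_t;
    type openvpn_var_run_t;
    class capability dac_override;
    class tcp_socket name_connect;
    class dir { write search add_name };
}

#============= openvpn_t ==============
# Connect to the OpenVPN TCP port.
allow openvpn_t openvpn_port_t:tcp_socket name_connect;
# Create the .pid file in /var/run/openvpn.
allow openvpn_t openvpn_var_run_t:dir { write search add_name };
# Bypass Unix (DAC) file permission checks.
allow openvpn_t self:capability dac_override;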
-----------------------------
Thanks,
Matt
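
Added example, not part of the original post: a small Python triage script for the kind of AVC denials that lead to a module like the one above. The log lines are constructed for illustration; the script emits allow rules but sets `dac_override`/`dac_read_search` denials aside for review, because those mean the process was first refused by ordinary Unix ownership or mode bits.

```python
import re
from collections import defaultdict

# Constructed AVC denials (not from the original post), shaped like audit.log lines.
SAMPLE_LOG = """\
type=AVC msg=audit(1181230000.101:41): avc:  denied  { name_connect } for  pid=2301 comm="openvpn" dest=1194 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:openvpn_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1181230000.102:42): avc:  denied  { search } for  pid=2301 comm="openvpn" name="openvpn" scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:openvpn_var_run_t:s0 tclass=dir
type=AVC msg=audit(1181230000.103:43): avc:  denied  { write add_name } for  pid=2301 comm="openvpn" name="openvpn.pid" scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:openvpn_var_run_t:s0 tclass=dir
type=AVC msg=audit(1181230000.104:44): avc:  denied  { dac_override } for  pid=2301 comm="openvpn" capability=1 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:system_r:openvpn_t:s0 tclass=capability
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]+)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Capabilities that only come into play after a Unix (DAC) permission check fails.
DAC_CAPS = {"dac_override", "dac_read_search"}


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]


def rule(src, tgt, tclass, perms):
    """Format one allow rule, using braces only for multiple permissions."""
    plist = sorted(perms)
    body = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
    return f"allow {src} {tgt}:{tclass} {body};"


def summarize(log_text):
    """Merge denials per (source, target, class); return (allow, review) rule lists."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial
        src, tgt = selinux_type(m["scon"]), selinux_type(m["tcon"])
        merged[(src, "self" if src == tgt else tgt, m["tclass"])].update(m["perms"].split())
    allow, review = [], []
    for (src, tgt, tclass), perms in sorted(merged.items()):
        dac = perms & DAC_CAPS if tclass == "capability" else set()
        if perms - dac:
            allow.append(rule(src, tgt, tclass, perms - dac))
        if dac:  # check owner/mode of the files the daemon touches before allowing
            review.append(rule(src, tgt, tclass, dac))
    return allow, review
```

For a rule that lands in the review list, compare the owner and mode of the paths the daemon touches (here `/var/run/openvpn`) with the user it runs as before loading the capability rule.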