On Dec 21, 2021, at 14:03, Kevin Becker <kevin@xxxxxxxxxxxxxxx> wrote: > > Probably selinux. I have these notes for configuring a commercial VPN provider to work. > > sudo ausearch -c 'openvpn' --raw | audit2allow -M my-openvpn > sudo semodule -X 300 -i my-openvpn.pp Ack! That’s not good advice. That’s basically saying: “whatever broken settings you have currently, let it be allowed” blindly. Is it set so open on can read all files on your file system now? Who knows! Maybe now it’s allowed to sniff your network traffic? You can’t tell! It is the selinux equivalent of just “chmod 777” you see people suggest for file permission problems. The appropriate first step is to use “restorecon” to relabel the files in /etc. Most likely that would have fixed it. The “audit2why” command might have mentioned a selinux Boolean or missing setting. -- Jonathan Billings _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
