On 5/30/07, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
Easiest thing to do is update policy with these two rules. # grep openvpn /var/log/audit/audit.log | audit2allow -M myopenvpn # semodule -i myopenvpn.pp This will add the following rules: allow openvpn_t pppd_t:fd use; allow openvpn_t self:process execstack; The pppd_t:fd is probably a leaked file descriptor and could probably be dontaudited. The execstack is potentially a problem in openvpn_t. This is probably a coding problem and should be reported as a bug/
Daniel, do you mean a bug in SElinux or OpenVPN? Best regards, Bernd. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos