On Thu, 2004-12-09 at 18:10 -0500, David Hollis wrote:
> Doesn't drop in cleanly with the targeted policy. It also wants the
> ifconfig, which wants proc_net_t and run_init_t stuff that isn't in the
> targeted policy. I've wrapped the call to ifconfig_exec_t in an if
> ('ifconfig.te....') call so that it builds properly with the targeted
> policy. It builds, and labels the files, so that's a start! Next
> question is if it actually works :)

A quick test turns up that I need to change the line for self:capability to:

allow openvpn_t self:capability { net_admin setgid setuid };

To allow the daemon to switch to the nobody user.

--
David Hollis <dhollis@xxxxxxxxxxxxxx>