On Thu, 2004-12-09 at 16:54, David Hollis wrote: > Looking into it a bit, I found that the openvpn.fc sets up the file > contexts so that the openvpn files can be confined to an openvpn > specific domain. Unfortunately, there isn't an openvpn domain specified > at this point. The openvpn.fc file is essentially ignored (with a > targeted policy anyway) since there is not an associated > domains/program/openvpn.te file to define the domain. > > As far as the RPM itself goes, I don't think that there is anything > specific that you would need to do for OpenVPN. If/when the selinux > policies are updated to include a definition for an OpenVPN domain, the > files should get labeled properly (either via filesystem relabeling or > openvpn rpm upgrade/install). openvpn domain exists in the strict policy. Domains are migrated from strict to targeted based on demand and impact on useability, I think. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
