Re: Another selinux rant

On Thu, 03-01-2008 at 13:49 -0800, Ed Swierk wrote:
> On 1/3/08, Eric Paris <eparis@xxxxxxxxxx> wrote:
> > Could you explain how you 'copied' these configuration files?  Is this
> > tar/untar ?  I'm trying to figure out how the labels for stuff in ~/.ssh
> > got messed up for you.

tar with "--xattrs"?

> Yes, I used tar to copy /home and /etc/openvpn. Openvpn stores state
> for active connections in a file specified by the
> --ifconfig-pool-persist option. Since the openvpn configuration recipe
> I found online uses /etc/openvpn/ipp.txt, that's what I use.
> Presumably the SELinux policy wants me to store that file somewhere
> else?

  SELinux doesn't care about file location. It cares about labels. Policy
for *labeling* files and assorted utilities care about paths, but they are
only additional utilities, not SELinux itself.
  In your situation, ipp.txt must be writable by the openvpn daemon. You can
achieve this by labeling (man chcon) ipp.txt as openvpn_var_log_t. By
default, files in /etc/openvpn are labeled as openvpn_etc_t (openvpn's
configuration files). Daemons cannot modify their configuration files.

-- 
Tomasz Torcz

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
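
Added example, not part of the original message: a shell sketch of the label check and `chcon` relabel the reply describes, keyed on the SELinux type rather than the path. The function names are hypothetical, and the sample contexts (including their `system_u:object_r` and level fields) are constructed for illustration.

```shell
#!/bin/sh
# Added example; the contexts in SAMPLE are constructed, not output from the thread.

# Print the type field of a context "user:role:type[:level]".
# The MLS level may itself contain colons (s0:c0.c1023), so take field 3 only.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed (0) when the context's type differs from the wanted type.
needs_relabel() {
    [ "$(selinux_type "$1")" != "$2" ]
}

# Relabel PATH to TYPE only when needed. Requires an SELinux-enabled host;
# it is defined here but not called, so the script runs anywhere.
relabel_state_file() {
    path=$1 want=$2
    ctx=$(stat -c %C "$path") || return 1
    if needs_relabel "$ctx" "$want"; then
        chcon -t "$want" "$path" || return 1
    fi
    ls -Z "$path"
}

# Read "path context" pairs on stdin and report which ones need relabeling.
audit_labels() {
    want=$1
    while read -r path ctx; do
        [ -n "$path" ] || continue
        if needs_relabel "$ctx" "$want"; then
            echo "RELABEL $path $(selinux_type "$ctx") -> $want"
        else
            echo "OK $path"
        fi
    done
}

# Constructed sample: the same directory, two different labels.
SAMPLE='/etc/openvpn/ipp.txt system_u:object_r:openvpn_etc_t:s0
/etc/openvpn/ipp.txt.new system_u:object_r:openvpn_var_log_t:s0:c0.c1023'

printf '%s\n' "$SAMPLE" | audit_labels openvpn_var_log_t
```

A label set with `chcon` is replaced the next time `restorecon` or a full filesystem relabel runs over the file. To keep it, record the rule with `semanage fcontext -a -t openvpn_var_log_t '/etc/openvpn/ipp\.txt'` and apply it with `restorecon -v /etc/openvpn/ipp.txt`.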
