openvpn on fedora 7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I had to add the following module before openvpn would work.  The first issue
was that openvpn didn't have permission to write a .pid file to
/var/run/openvpn.  The other problem seemed to be that a TCP socket could not
be created (the name_connect part).

The dac_override is something that I don't get.  Why would openvpn need that?
 Unix permissions problems?

Here's the additional policy:
-----------------------------
require {
        type openvpn_t;
        type openvpn_port_t;
        type openvpn_var_run_t;
        class capability dac_override;
        class tcp_socket name_connect;
        class dir { write search add_name };
}

#============= openvpn_t ==============
allow openvpn_t openvpn_port_t:tcp_socket name_connect;
allow openvpn_t openvpn_var_run_t:dir { write search add_name };
allow openvpn_t self:capability dac_override;
-----------------------------

Thanks,
Matt

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux