I had to add the following module before openvpn would work. The first issue was that openvpn didn't have permission to write a .pid file to /var/run/openvpn. The other problem seemed to be that a TCP socket could not be created (the name_connect part).

The dac_override is something that I don't get. Why would openvpn need that? Unix permissions problems?

Here's the additional policy:

-----------------------------
require {
        type openvpn_t;
        type openvpn_port_t;
        type openvpn_var_run_t;
        class capability dac_override;
        class tcp_socket name_connect;
        class dir { write search add_name };
}

#============= openvpn_t ==============
allow openvpn_t openvpn_port_t:tcp_socket name_connect;
allow openvpn_t openvpn_var_run_t:dir { write search add_name };
allow openvpn_t self:capability dac_override;
-----------------------------

Thanks,
Matt