avc { module_request, relabelfrom }: openvpn->tun

When trying to start openvpn with 'service openvpn start' 
(selinux=enforced) I get the following avc (audit.log):


----audit.log---------------
type=AVC msg=audit(1281803077.151:21): avc:  denied  { module_request } 
for  pid=1943 comm="openvpn" kmod="char-major-10-200" 
scontext=unconfined_u:system_r:openvpn_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=SYSCALL msg=audit(1281803077.151:21): arch=40000003 syscall=5 
success=no exit=-19 a0=80bf7b8 a1=2 a2=38 a3=96bd804 items=0 ppid=1 
pid=1943 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) ses=1 comm="openvpn" exe="/usr/sbin/openvpn" 
subj=unconfined_u:system_r:openvpn_t:s0 key=(null)
-------------------

-----var/log/messages-------
Aug 14 17:24:37 test1 openvpn[1943]: Note: Cannot open TUN/TAP dev 
/dev/net/tun: No such device (errno=19)
Aug 14 17:24:37 test1 openvpn[1943]: Note: Attempting fallback to kernel 
2.2 TUN/TAP interface
Aug 14 17:24:37 test1 openvpn[1943]: Cannot open TUN/TAP dev /dev/tun0: 
No such file or directory (errno=2)
Aug 14 17:24:37 test1 openvpn[1943]: Exiting
-------------------

When I try to execute 'openvpn --mktun --dev tun0 --user nobody --group 
nobody' it works OK, but when I try to start openvpn it again fails with 
the following avc:

----audit.log---------------
type=AVC msg=audit(1281803362.451:23): avc:  denied  { relabelfrom } 
for  pid=2007 comm="openvpn" scontext=unconfined_u:system_r:openvpn_t:s0 
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
tclass=tun_socket
type=SYSCALL msg=audit(1281803362.451:23): arch=40000003 syscall=54 
success=no exit=-13 a0=5 a1=400454ca a2=bfb4c26c a3=87e4804 items=0 
ppid=1 pid=2007 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) ses=1 comm="openvpn" exe="/usr/sbin/openvpn" 
subj=unconfined_u:system_r:openvpn_t:s0 key=(null)
-------------------

-----var/log/messages-------
Aug 14 17:29:22 test1 openvpn[2007]: Note: Cannot ioctl TUNSETIFF tun0: 
Permission denied (errno=13)
Aug 14 17:29:22 test1 openvpn[2007]: Note: Attempting fallback to kernel 
2.2 TUN/TAP interface
Aug 14 17:29:22 test1 openvpn[2007]: Cannot open TUN/TAP dev /dev/tun0: 
No such file or directory (errno=2)
Aug 14 17:29:22 test1 openvpn[2007]: Exiting
-------------------


Any idea what might be the cause of this problem?

openvpn normally tries to open tun0, assign its IP address, net mask and 
broadcast address, then reassign the routing on this particular machine 
- nothing suspicious really!
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

