Re: avc { module_request, relabelfrom }: openvpn->tun

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>> That did the trick!
>>
>> It was good that you've included this as a separate module so that I
>> could test it, otherwise I had to patch and recompile the whole
>> policy, then rebuild the image in order to test it and see whether
>> it works.
>>
>> I take it to make this a 'permanent' solution I have to patch and
>> include 'kernel_request_load_module(openvpn_t)' in openvpn.te
>> (forming part of the -44 policy), is that right?
>>     
>
> Yes but Fedora should fix this. It is already fixed in f14 (v3.8.8-14). they just need to back port this to f13/f12
>   
Agreed. I am waiting to see if this patch is going to work in the event 
of connection reset/time out (in situations when the connection needs to 
be re-established - with/without closing the tun device and possibly 
re-establishing the ip address, routing and all other parameters) - in 
that case the tun kernel module should already be loaded so if anything 
goes wrong I am expecting 'relablefrom' avc to pop up. If not, then all 
is well and I am applying this patch permanently.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux