> whether they have any access at all depends on what access you specify. > So unless you allow your new domain to interact with the type foro that location, access is denied. > That's what I thought - this domain will need read access to this directory, but since it has already been labelled openvpn_etc_t and I can't add another SELinux label I need to grant openvpn_sudo_t the same permission to openvpn_etc_t as openvpn_t currently has (the macro name used to do this in openvpn.te escapes me at the moment but I will find it). -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
