Mr Dash Four wrote: >> Why even put it there. shouldnt it just be in /usr/sbin/ or something? >> >Then I would need to grant permission to /usr/bin in both openvpn_sudo_t >AND openvpn_t ... or am I missing something? > >Also, one of the scripts creates ".route-up-started" (though that is >executed by root and within the /etc/init.d/openvpn domain), so I am not >sure how this is going to work out. The way the Samba policy module does things is to define a specific directory for scripts: samba.fc: ... /var/lib/samba/scripts(/.*)? gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0) ... This way you keep the scripts separate from ordinary system binaries, they automatically get the correct type when installed from rpm, and you don't need to create a new file context every time you add a script. Moray. "To err is human. To purr, feline" -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
