OpenVPN modules for SELinux

Each time I setup a new keys for my client, the selinux always preventing the connection so the vpn wont work. this is the syntax for enable openvpn selinux.

module openvpn 1.0;

require {
        type openvpn_t;
        type user_home_t;
        class file { read open };
}

#============= openvpn_t ==============
allow openvpn_t user_home_t:file open;
#!!!! This avc is allowed in the current policy

allow openvpn_t user_home_t:file read;

And how to generate a module from *.te file? please read my previous article
http://kura2gurun.blogspot.com/2011/09/tips-and-trick-part-3.html

Bye :-)

Kura-Kura Gurun

Search This Blog

OpenVPN modules for SELinux

Comments

Post a Comment