Stunnel init scripts need read access on the stunnel configuration files:

"""
# run_init rc-service stunnel restart
Authenticating root.
 * Stopping stunnel ...
grep: /etc/stunnel/stunnel.conf: Permission denied
grep: /etc/stunnel/stunnel.conf: Permission denied
 [ ok ]
 * Starting stunnel ...
grep: /etc/stunnel/stunnel.conf: Permission denied
grep: /etc/stunnel/stunnel.conf: Permission denied
grep: /etc/stunnel/stunnel.conf: Permission denied
grep: /etc/stunnel/stunnel.conf: Permission denied
No limit detected for the number of clients
signal_pipe: FD=3 allocated (non-blocking mode)
signal_pipe: FD=4 allocated (non-blocking mode)
stunnel 4.44 on x86_64-pc-linux-gnu platform
Compiled/running with OpenSSL 1.0.0j 10 May 2012
Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv6
Reading configuration from file /etc/stunnel/stunnel.conf
PRNG seeded successfully
Initializing SSL context for service ssmtp
/etc/ssl/services/server.key: Permission denied (13)
str_stats: 51 block(s), 4289 data byte(s), 2550 control byte(s)
"""

Denials:

"""
Dec 8 11:03:22 testsys kernel: [ 2710.916659] type=1400 audit(1354961002.699:183): avc: denied { read } for pid=4632 comm="grep" name="stunnel.conf" dev="dm-2" ino=394168 scontext=system_u:system_r:initrc_t tcontext=root:object_r:stunnel_etc_t tclass=file
"""

Reproducible: Always
Also denial for accessing the certificate(s) and keys:

"""
Dec 8 11:22:24 testsys kernel: [ 3852.644409] type=1400 audit(1354962144.426:210): avc: denied { search } for pid=16146 comm="stunnel" name="services" dev="dm-2" ino=394153 scontext=system_u:system_r:stunnel_t tcontext=root:object_r:cert_t tclass=dir
"""
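An added example, not part of the original report or of the Gentoo policy: a small Python parser that turns the two AVC denials quoted above into the type-enforcement rules they correspond to, so the missing access is explicit for review. The function names are assumptions made for this example, and the rules it prints are candidates derived from the log lines, not the change that was committed for this bug.

```python
import re
from collections import defaultdict

# The two denials quoted in this report, embedded so the example runs offline.
SAMPLE_LOG = """\
Dec 8 11:03:22 testsys kernel: [ 2710.916659] type=1400 audit(1354961002.699:183): avc: denied { read } for pid=4632 comm="grep" name="stunnel.conf" dev="dm-2" ino=394168 scontext=system_u:system_r:initrc_t tcontext=root:object_r:stunnel_etc_t tclass=file
Dec 8 11:22:24 testsys kernel: [ 3852.644409] type=1400 audit(1354962144.426:210): avc: denied { search } for pid=16146 comm="stunnel" name="services" dev="dm-2" ino=394153 scontext=system_u:system_r:stunnel_t tcontext=root:object_r:cert_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(log_text):
    """Return one dict per AVC denial; lines that are not denials are skipped."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        if not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # truncated record: not enough to name a rule
        denials.append({
            "perms": m.group("perms").split(),
            "comm": fields.get("comm"),
            "name": fields.get("name"),
            # A context is user:role:type[:mls]; the type is the third field.
            "source": fields["scontext"].split(":")[2],
            "target": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
        })
    return denials

def candidate_rules(denials):
    """Merge denials per (source, target, class) into allow-rule text."""
    merged = defaultdict(set)
    for d in denials:
        merged[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return rules

if __name__ == "__main__":
    for rule in candidate_rules(parse_denials(SAMPLE_LOG)):
        print(rule)
```
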
r9 in hardened-dev overlay
r9 in main repo, ~arch'ed
Forgot to mention... stabilized a while ago ;)