| Summary: | net-misc/openvpn: add /var/run/openvpn to be ok with selinux and openvpn-status.log file | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Veovis <veovis8> |
| Component: | Current packages | Assignee: | William Hubbs <williamh> |
| Status: | UNCONFIRMED --- | | |
| Severity: | normal | CC: | cedk, chutzpah, gentoo, williamh |
| Priority: | Normal | Keywords: | PATCH |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Attachments:
Patch file
fix the run path on a selinux enforced box
Description
Veovis
2012-01-06 11:20:07 UTC
Created attachment 298079 [details, diff]
Patch file
Adds /var/log/openvpn folder and redirects pid files to this directory.
(In reply to comment #1)
> Created attachment 298079 [details, diff]
> Patch file
>
> Adds /var/log/openvpn folder and redirects pid files to this directory.

Excuse me, but your patch doesn't make sense. Where did you base it off?

% grep var/run openvpn-2.1.4.ebuild
%
% grep VPNPID files/*
files/openvpn-2.1.init: VPNPID="/var/run/openvpn.${VPN}.pid"
files/openvpn-2.1.init: VPNPID="/var/run/openvpn.pid"

Oh, nevermind. I now see that your patch was backwards. It is "diff -u <old> <new>"

This bug has gotten really old, can you please retry with openvpn-2.3.12 and see if the issue still exists?

Created attachment 469136 [details, diff]
fix the run path on a selinux enforced box
You're totally right. I don't have any selinux box with openvpn right now, but I can see from the current refpolicy that the issue remains.

selinux fc policy from https://github.com/TresysTechnology/refpolicy-contrib/blob/2128180acf3e02131dfb02d7cf1835d0a1f62b1b/openvpn.fc

/run/openvpn(/.*)? gen_context(system_u:object_r:openvpn_var_run_t,s0)
/run/openvpn\.client.* -- gen_context(system_u:object_r:openvpn_var_run_t,s0)

current init file:
VPNPID="/var/run/openvpn.${VPN}.pid"
VPNPID="/var/run/openvpn.pid"

I noticed my first patch was wrong for multiple reasons. I made another patch which creates the /run/openvpn folder the right way. I have not tested it yet. It seems we are shifting from /var/run to /run, so I updated the init to reflect that.
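
The mismatch described in the last comment can be checked offline by matching pid paths against the two openvpn.fc entries it quotes. This is an added example, not part of the bug thread or either attached patch. It assumes the policy treats /var/run as equivalent to /run, and the VPN names and the /run/openvpn/openvpn.pid path are constructed for illustration.

```python
import re

# The two entries quoted in the comment above (refpolicy openvpn.fc).
FC_ENTRIES = r"""
/run/openvpn(/.*)?      gen_context(system_u:object_r:openvpn_var_run_t,s0)
/run/openvpn\.client.*  --  gen_context(system_u:object_r:openvpn_var_run_t,s0)
"""

# Assumption: the policy treats /var/run as equivalent to /run.
PATH_SUBS = [("/var/run", "/run")]


def parse_fc(text):
    """Return a list of (compiled regex, file-type flag or None, SELinux type)."""
    rules = []
    for line in text.strip().splitlines():
        fields = line.split()
        pattern, spec = fields[0], fields[-1]
        ftype = fields[1] if len(fields) == 3 else None  # "--" = regular file only
        # gen_context(user:role:type,range) -> type
        setype = spec[len("gen_context("):].split(",")[0].split(":")[2]
        rules.append((re.compile(pattern), ftype, setype))
    return rules


def lookup(path, rules, ftype="--"):
    """Type assigned by the first entry matching the whole path, else None.

    Simplified: real file_contexts precedence between overlapping entries
    is not modelled; both entries here carry the same type.
    """
    for old, new in PATH_SUBS:
        if path == old or path.startswith(old + "/"):
            path = new + path[len(old):]
    for regex, rule_ftype, setype in rules:
        if rule_ftype in (None, ftype) and regex.fullmatch(path):
            return setype
    return None


RULES = parse_fc(FC_ENTRIES)

if __name__ == "__main__":
    # Constructed pid paths: the init script's two forms (VPN=home, VPN=client)
    # and a hypothetical pid file inside the /run/openvpn directory.
    for p in ("/var/run/openvpn.pid", "/var/run/openvpn.home.pid",
              "/var/run/openvpn.client.pid", "/run/openvpn/openvpn.pid"):
        print(f"{p:32} -> {lookup(p, RULES) or 'no openvpn.fc entry matches'}")
```

On a live SELinux system, `matchpathcon <path>` performs the real lookup against the installed policy.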