The new openvpn seems to use /tmp. The following errors occur when starting it:

'''
# /etc/init.d/openvpn start
 * Starting openvpn ...
 * start-stop-daemon: failed to start `/usr/sbin/openvpn'
 * Check your logs to see why startup failed [ !! ]
 * ERROR: openvpn failed to start

==> openvpn.log <==
Options error: Temporary directory (--tmp-dir) fails with '/tmp': Permission denied

==> avc.log <==
...: avc: denied { read write search } for pid=1613 comm="openvpn" name="/" dev="tmpfs" ino=3830 ipaddr=..... scontext=staff_u:system_r:openvpn_t tcontext=system_u:object_r:tmp_t tclass=dir
'''

A grep 'tmp_dir' in the openvpn source seems to reveal that no folder is created in tmp_dir, only files (calls to create_temp_file and check_file_access only). The following declarations are enough to make openvpn start:

'''
type openvpn_tmp_t;
files_tmp_file(openvpn_tmp_t);
manage_files_pattern(openvpn_t, openvpn_tmp_t, openvpn_tmp_t);
files_tmp_filetrans(openvpn_t, openvpn_tmp_t, file);
'''
Is in repo, will be in rev 2
In repo, ~arch (rev 2 of the policies)
r2 is now stable
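
Added example, not part of the original report or of the policy repository: a Python triage helper that parses an AVC denial like the one quoted in the report and, when a confined domain is denied on the generic tmp_t label, emits private-tmp-type declarations in the form the report gives rather than a direct allow rule on tmp_t. The function names, the sample line and the fixed `file` class are assumptions of this example.

```python
import re

# Constructed sample modelled on the denial in the report; the fields the
# report elides (leading timestamp, ipaddr) are omitted rather than guessed.
SAMPLE_AVC = (
    'avc: denied { read write search } for pid=1613 comm="openvpn" '
    'name="/" dev="tmpfs" ino=3830 scontext=staff_u:system_r:openvpn_t '
    'tcontext=system_u:object_r:tmp_t tclass=dir'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
GENERIC_TMP_TYPES = {"tmp_t"}  # assumption: generic label of /tmp in the policy


def context_type(context):
    """Return the type from user:role:type[:mls]; None if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC denial into a dict, or None if it is not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "source": context_type(fields["scontext"]),
        "target": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
    }


def suggest(denial):
    """Private tmp type for denials on generic /tmp (assumes files only)."""
    src, tgt = denial["source"], denial["target"]
    if src and tgt in GENERIC_TMP_TYPES and src.endswith("_t"):
        tmp = src[:-2] + "_tmp_t"
        return [f"type {tmp};", f"files_tmp_file({tmp});",
                f"manage_files_pattern({src}, {tmp}, {tmp});",
                f"files_tmp_filetrans({src}, {tmp}, file);"]
    perms = " ".join(denial["perms"])
    return [f"allow {src} {tgt}:{denial['tclass']} {{ {perms} }};"]
```

Calling `suggest(parse_avc(SAMPLE_AVC))` returns the four declarations from the report; a denial against any other target type falls back to the raw allow rule so it can be reviewed by hand.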