On 8/21/07, James Yonan wrote: > I am wondering why the SElinux warnings only occur when OpenVPN is > started at boot-up. OpenVPN's behavior with respect to touching things > that might trigger SELinux errors shouldn't significantly change whether > or not it is started on boot-up or later. > > It would be nice if SELinux would produce more useful debug information > such as stack trace (that could be gleaned by looking at the userspace > stack and debug info from gcc -g) or at least indicate if the problem is > in a shared object that's dynamically linked with OpenVPN at run time. > As it is, I'm not aware of any reason why OpenVPN would need stack > execution permission.
How can we debug this further? It would be good to get rid of any SElinux warnings / error messages. May be this comes from a still hidden buffer overrun problem so that code placed on the stack? Best regards, Bernd.
