Well, I do not understand you guys. If you think SELinux is so great, why do you need chroot? It is like you put some money in a safe, and then put the safe into another safe; it never ends... Why only two safes? Let's put another safe... I know that this is the approach many security advisors use, but I never could find the logic in it. If you want to keep your money safe, use a single safe and select the strongest one.
And a final note regarding the iproute wrapper. It is a *WRAPPER*. If I needed a top-secured implementation, I would have created a daemon listening for network change requests over Unix domain sockets, wrapped it up in an SELinux profile, and implemented logic that allows only changes to tap/tun interfaces with specific attributes, and routing table updates with specific details. Then add a wrapper that uses the Unix domain socket in order to access the daemon. OpenVPN will use the wrapper, so it needs no special privilege. The daemon validates what SELinux or any other security product cannot validate: network configuration changes. All done within a valid and separate context. As I wrote earlier, most OpenVPN configurations need to execute iproute also during the session. For example, if you want to connect two sites, your super SELinux-secured solution will work at only one site. No need to discuss this further. I get your point.

Alon.
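The validation step of the daemon design sketched in the post above, as an added example that is not part of the original message, the OpenVPN project, or any wrapper it ships. It assumes a wire format (one JSON array carrying an iproute2-style argument vector per request) and a small policy object; both the request format and the names `Policy`, `check_request` and `handle_request` are assumptions made for this example. The point it shows is the one the post makes: an LSM can confine *which binary* runs, but only something that parses the request can decide that `ip route add default` is out of bounds while `ip route add 10.9.0.0/24 dev tun0` is not.

```python
"""Policy check for a hypothetical privileged network-change daemon.

An unprivileged wrapper (invoked by OpenVPN) sends an iproute2-style argv over a
Unix domain socket; the daemon runs this policy before executing anything.
The request format and all names here are assumptions for the example.
"""
import ipaddress
import json
import re
from dataclasses import dataclass

# Only interfaces named like tun0 / tap3 may be touched.
DEV_RE = re.compile(r"^(tun|tap)\d{1,3}$")
# Every token must be plain: no shell metacharacters or odd bytes reach the executor.
TOKEN_RE = re.compile(r"^[A-Za-z0-9./:_-]+$")


@dataclass
class Policy:
    # Route destinations must lie inside one of these prefixes (given as strings);
    # the default route is never allowed.
    allowed_route_prefixes: list
    mtu_range: tuple = (1280, 1500)

    def __post_init__(self):
        self.allowed_route_prefixes = [ipaddress.ip_network(p) for p in self.allowed_route_prefixes]


def _dev(tokens, i):
    """Return the device name after a 'dev' keyword at index i, or None if missing/disallowed."""
    if i + 1 >= len(tokens) or tokens[i] != "dev":
        return None
    name = tokens[i + 1]
    return name if DEV_RE.match(name) else None


def check_request(argv, policy):
    """Decide whether an iproute2-style argv is allowed. Returns (allowed, reason)."""
    if not argv or argv[0] != "ip":
        return False, "only the ip command is supported"
    if not all(isinstance(t, str) and TOKEN_RE.match(t) for t in argv):
        return False, "unexpected characters in arguments"
    obj = argv[1] if len(argv) > 1 else ""
    args = argv[2:]

    if obj == "link" and len(args) >= 3 and args[0] == "set":
        # ip link set dev tunN [up|down] [mtu N]
        if _dev(args, 1) is None:
            return False, "link changes limited to tun/tap devices"
        rest = args[3:]
        while rest:
            if rest[0] in ("up", "down"):
                rest = rest[1:]
            elif rest[0] == "mtu" and len(rest) >= 2 and rest[1].isdigit():
                lo, hi = policy.mtu_range
                if not lo <= int(rest[1]) <= hi:
                    return False, "mtu outside allowed range"
                rest = rest[2:]
            else:
                return False, f"link option not allowed: {rest[0]}"
        return True, "ok"

    if obj == "addr" and len(args) == 4 and args[0] in ("add", "del"):
        # ip addr add|del A.B.C.D/len dev tunN
        try:
            ipaddress.ip_interface(args[1])
        except ValueError:
            return False, "bad address"
        if _dev(args, 2) is None:
            return False, "address changes limited to tun/tap devices"
        return True, "ok"

    if obj == "route" and len(args) >= 2 and args[0] in ("add", "del"):
        # ip route add|del PREFIX [via GW] dev tunN
        if args[1] == "default":
            return False, "default route may not be changed"
        try:
            dst = ipaddress.ip_network(args[1], strict=False)
        except ValueError:
            return False, "bad route destination"
        if not any(dst.version == p.version and dst.subnet_of(p) for p in policy.allowed_route_prefixes):
            return False, f"route {dst} outside allowed prefixes"
        rest = args[2:]
        if len(rest) >= 2 and rest[0] == "via":
            try:
                ipaddress.ip_address(rest[1])
            except ValueError:
                return False, "bad gateway"
            rest = rest[2:]
        if len(rest) != 2 or _dev(rest, 0) is None:
            return False, "route must be bound to a tun/tap device"
        return True, "ok"

    return False, "operation not in policy"


def handle_request(raw, policy):
    """Socket framing assumed for the example: one JSON array in, one JSON object out."""
    try:
        argv = json.loads(raw.decode("utf-8"))
        if not isinstance(argv, list):
            raise ValueError
    except (ValueError, UnicodeDecodeError):
        return json.dumps({"allowed": False, "reason": "malformed request"}).encode()
    allowed, reason = check_request(argv, policy)
    return json.dumps({"allowed": allowed, "reason": reason}).encode()
```

The daemon would call `handle_request` on each message read from the socket and only then `execve` the vetted argv (never a shell); the wrapper side is a plain unprivileged client, which is what lets OpenVPN drop its privileges yet still reconfigure routes mid-session.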