Re: openvpn-client@nbecker8 won't start

2021-12-23 Thread Tim via users
On Thu, 2021-12-23 at 20:48 -0500, Todd Zullinger wrote: > If I create a file elsewhere and move or copy into the > location, it's label is not changed (I'd need to use > restorecon or another tool to change it): The behaviour always was: If you move a file, it's existing SELinux contexts go with

Re: openvpn-client@nbecker8 won't start

2021-12-23 Thread Todd Zullinger
Neal Becker wrote: > Well as to how the file had the wrong context, after re-installing F35 > on the new SSD, I copied the /etc/openvpn directory from my borg > backup of the old one. On the old machine I was running with selinux > disabled, so maybe it was wrong there also. > > /etc/openvpn/clie

Re: openvpn-client@nbecker8 won't start

2021-12-23 Thread Neal Becker
Well as to how the file had the wrong context, after re-installing F35 on the new SSD, I copied the /etc/openvpn directory from my borg backup of the old one. On the old machine I was running with selinux disabled, so maybe it was wrong there also. /etc/openvpn/client/nbecker8.conf is a hand-edit

Re: openvpn-client@nbecker8 won't start

2021-12-22 Thread Ed Greshko
On 23/12/2021 13:08, Todd Zullinger wrote: Ed Greshko wrote: On 22/12/2021 21:26, Neal Becker wrote: sudo ls -lZ /etc/openvpn/client total 4 -rw-r--r--. 1 root openvpn system_u:object_r:openvpn_etc_t:s0 3533 Jan 27 2021 nbecker8.conf This looks the same as other objects in /etc/openvpn/, so I

Re: openvpn-client@nbecker8 won't start

2021-12-22 Thread Todd Zullinger
Ed Greshko wrote: > On 22/12/2021 21:26, Neal Becker wrote: >> sudo ls -lZ /etc/openvpn/client >> total 4 >> -rw-r--r--. 1 root openvpn system_u:object_r:openvpn_etc_t:s0 3533 Jan >> 27 2021 nbecker8.conf >> >> This looks the same as other objects in /etc/openvpn/, so I'm guessing >> it's correct

Re: openvpn-client@nbecker8 won't start

2021-12-22 Thread Kevin Becker
> On Dec 21, 2021, at 5:13 PM, Jonathan Billings wrote: > > On Dec 21, 2021, at 14:03, Kevin Becker wrote: >> >> Probably selinux. I have these notes for configuring a commercial VPN >> provider to work. >> >> sudo ausearch -c 'openvpn' --raw | audit2allow -M my-openvpn >> sudo sem

Re: openvpn-client@nbecker8 won't start

2021-12-22 Thread Ed Greshko
On 22/12/2021 21:26, Neal Becker wrote: sudo ls -lZ /etc/openvpn/client total 4 -rw-r--r--. 1 root openvpn system_u:object_r:openvpn_etc_t:s0 3533 Jan 27 2021 nbecker8.conf This looks the same as other objects in /etc/openvpn/, so I'm guessing it's correctly labeled? sudo ls -lZ /etc/openvpn/

Re: openvpn-client@nbecker8 won't start

2021-12-22 Thread Neal Becker
sudo ls -lZ /etc/openvpn/client total 4 -rw-r--r--. 1 root openvpn system_u:object_r:openvpn_etc_t:s0 3533 Jan 27 2021 nbecker8.conf This looks the same as other objects in /etc/openvpn/, so I'm guessing it's correctly labeled? sudo ls -lZ /etc/openvpn/ total 16 drwxr-x---. 1 root openvpn system

Re: openvpn-client@nbecker8 won't start

2021-12-22 Thread Ed Greshko
On 22/12/2021 20:30, Neal Becker wrote: So what exactly would be the restorecon command to use here? The first question to answer is, what is the output of ls -Z /etc/openvpn/client/nbecker8.conf -- Did 황준호 die? ___ users mailing list -- users@lists

Re: openvpn-client@nbecker8 won't start

2021-12-22 Thread Neal Becker
So what exactly would be the restorecon command to use here? On Wed, Dec 22, 2021 at 7:27 AM Neal Becker wrote: > > sudo ausearch -c 'openvpn' > > time->Tue Dec 21 14:10:56 2021 > type=AVC msg=audit(1640113856.260:3683): avc: denied { open } for > pid=120287 comm="openvpn" path="/etc/openvpn/

Re: openvpn-client@nbecker8 won't start

2021-12-22 Thread Neal Becker
sudo ausearch -c 'openvpn' time->Tue Dec 21 14:10:56 2021 type=AVC msg=audit(1640113856.260:3683): avc: denied { open } for pid=120287 comm="openvpn" path="/etc/openvpn/client/nbecker8.conf" dev="nvme0n1p3" ino=167775 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:fusefs_t:

Re: openvpn-client@nbecker8 won't start

2021-12-21 Thread Jonathan Billings
On Dec 21, 2021, at 14:03, Kevin Becker wrote: > > Probably selinux. I have these notes for configuring a commercial VPN > provider to work. > > sudo ausearch -c 'openvpn' --raw | audit2allow -M my-openvpn > sudo semodule -X 300 -i my-openvpn.pp Ack! That’s not good advice. That’

Re: openvpn-client@nbecker8 won't start

2021-12-21 Thread Neal Becker
Thanks, you are correct! selinux strikes again. On Tue, Dec 21, 2021 at 2:03 PM Kevin Becker wrote: > > On Tue, 2021-12-21 at 11:40 -0500, Neal Becker wrote: > > I had a drive crash on a server running F34. After replacing the > drive and installing F35, I can't get openvpn-client@nbecker8 to >

Re: openvpn-client@nbecker8 won't start

2021-12-21 Thread Kevin Becker
On Tue, 2021-12-21 at 11:40 -0500, Neal Becker wrote: > I had a drive crash on a server running F34.  After replacing the > drive and installing F35, I can't get openvpn-client@nbecker8 to > start.  journalctl says: > Dec 21 11:26:14 nbecker8 openvpn[80875]: Options error: In > [CMD-LINE]:1: Error

openvpn-client@nbecker8 won't start

2021-12-21 Thread Neal Becker
I had a drive crash on a server running F34. After replacing the drive and installing F35, I can't get openvpn-client@nbecker8 to start. journalctl says: Dec 21 11:26:14 nbecker8 openvpn[80875]: Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/client/nbecker8.conf T