On Dec 21, 2021, at 14:03, Kevin Becker <ke...@kevinbecker.org> wrote:
> 
> Probably selinux.  I have these notes for configuring a commercial VPN 
> provider to work.
> 
>       sudo ausearch -c 'openvpn' --raw | audit2allow -M my-openvpn
>       sudo semodule -X 300 -i my-openvpn.pp

Ack!  That’s not good advice. That’s basically saying: “whatever broken 
settings you have currently, let it be allowed” blindly. Is it set so open on 
can read all files on your file system now?  Who knows!  Maybe now it’s allowed 
to sniff your network traffic?  You can’t tell!  It is the selinux equivalent 
of just “chmod 777” you see people suggest for file permission problems. 

The appropriate first step is to use “restorecon” to relabel the files in /etc. 
Most likely that would have fixed it.

The “audit2why” command might have mentioned a selinux Boolean or missing 
setting.

--
Jonathan Billings
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to