Bernd Bartmann wrote:
Hi,
I'm running Centos 5 32bit and installed openvpn-2.0.9-1.el5.rf from
Dag Wieers Repo. When OpenVPN is started during boot-up it just shows
an SElinux related error message and does not start. When I start
OpenVPN manually after
the system has come up completely it works fine. Please have a look at
the log extract at the end of this email for all SElinux related
messages.
I already reported this problem to the Centos and SElinux mailing
lists. Daniel Walsh (SElinux guru) had the following suggestions:
I am wondering why the SElinux warnings only occur when OpenVPN is
started at boot-up. OpenVPN's behavior with respect to touching things
that might trigger SELinux errors shouldn't significantly change whether
or not it is started on boot-up or later.
It would be nice if SELinux would produce more useful debug information
such as stack trace (that could be gleaned by looking at the userspace
stack and debug info from gcc -g) or at least indicate if the problem is
in a shared object that's dynamically linked with OpenVPN at run time.
As it is, I'm not aware of any reason why OpenVPN would need stack
execution permission.
James
