https://bugs.kde.org/show_bug.cgi?id=360482
Bug ID: 360482 Summary: Importing an OpenVPN configuration with embedded certificates yields a defect connection due to SELinux Product: plasma-nm Version: 5.5.5 Platform: Fedora RPMs OS: Linux Status: UNCONFIRMED Severity: minor Priority: NOR Component: editor Assignee: lu...@kde.org Reporter: mar...@rpdev.net CC: jgrul...@redhat.com I tried to import an OpenVPN configuration file with embedded certificates (via File -> Import VPN...). The configuration is correctly imported. When being asked whether to copy the embedded certificates, I answered yes. In my case, I had to edit the newly created connection to enter my personal OpenVPN user name and password. When trying to connect to the VPN, the connection fails. This is due to the imported certificates in $HOME/.local/share/networkmanagement/certificates/$VPN_CON_NAME have an incorrect SELinux context: $ ls -lZ -rw-rw-r--. 1 martin martin unconfined_u:object_r:data_home_t:s0 2317 Mär 13 17:02 ca.crt -rw-rw-r--. 1 martin martin unconfined_u:object_r:data_home_t:s0 602 Mär 13 17:02 tls_auth.key When I run `restorecon *` in that directory, the type context of the files get changed: $ ls -lZ -rw-rw-r--. 1 martin martin unconfined_u:object_r:home_cert_t:s0 2317 Mär 13 17:02 ca.crt -rw-rw-r--. 1 martin martin unconfined_u:object_r:home_cert_t:s0 602 Mär 13 17:02 tls_auth.key Now, connecting to the VPN works as expected. I think the import process should automatically set the correct SELinux context when opening the configuration. Reproducible: Always Steps to Reproduce: 1. In the connection editor, use File -> Import VPN... 2. When being asked whether to copy the embedded certificates, answer "Yes". 3. If required, edit the newly created connection to e.g. provide your VPN user name and password. 4. Try to connect. Actual Results: The connection fails. Expected Results: The connection should be properly established. -- You are receiving this mail because: You are watching all bug changes.