https://bugs.kde.org/show_bug.cgi?id=360482

            Bug ID: 360482
           Summary: Importing an OpenVPN configuration with embedded
                    certificates yields a defect connection due to SELinux
           Product: plasma-nm
           Version: 5.5.5
          Platform: Fedora RPMs
                OS: Linux
            Status: UNCONFIRMED
          Severity: minor
          Priority: NOR
         Component: editor
          Assignee: lu...@kde.org
          Reporter: mar...@rpdev.net
                CC: jgrul...@redhat.com

I tried to import an OpenVPN configuration file with embedded certificates (via
File -> Import VPN...). The configuration is correctly imported. When being
asked whether to copy the embedded certificates, I answered yes. In my case, I
had to edit the newly created connection to enter my personal OpenVPN user name
and password.

When trying to connect to the VPN, the connection fails. This is because the
imported certificates in
$HOME/.local/share/networkmanagement/certificates/$VPN_CON_NAME have an
incorrect SELinux context:

$ ls -lZ
-rw-rw-r--. 1 martin martin unconfined_u:object_r:data_home_t:s0 2317 Mär 13 17:02 ca.crt
-rw-rw-r--. 1 martin martin unconfined_u:object_r:data_home_t:s0  602 Mär 13 17:02 tls_auth.key

When I run `restorecon *` in that directory, the type context of the files gets
changed:

$ ls -lZ
-rw-rw-r--. 1 martin martin unconfined_u:object_r:home_cert_t:s0 2317 Mär 13 17:02 ca.crt
-rw-rw-r--. 1 martin martin unconfined_u:object_r:home_cert_t:s0  602 Mär 13 17:02 tls_auth.key

Now, connecting to the VPN works as expected.

I think the import process should automatically set the correct SELinux context
when opening the configuration.

Reproducible: Always

Steps to Reproduce:
1. In the connection editor, use File -> Import VPN...
2. When being asked whether to copy the embedded certificates, answer "Yes".
3. If required, edit the newly created connection to e.g. provide your VPN user
name and password.
4. Try to connect.

Actual Results:  
The connection fails.

Expected Results:  
The connection should be properly established.

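
An added example, not part of the original report or of plasma-nm: a shell check that reads `ls -lZ` output and lists every file whose SELinux type is not `home_cert_t`, the type the report shows after `restorecon`. The function names and the sample listing are constructed for illustration, and file names containing spaces are not handled.

```shell
#!/bin/sh
# Expected type, taken from the report's listing after `restorecon *`.
EXPECTED_TYPE="home_cert_t"

# Constructed sample: one line from each of the report's two listings.
SAMPLE_LISTING='-rw-rw-r--. 1 martin martin unconfined_u:object_r:data_home_t:s0 2317 Mär 13 17:02 ca.crt
-rw-rw-r--. 1 martin martin unconfined_u:object_r:home_cert_t:s0  602 Mär 13 17:02 tls_auth.key'

# Read `ls -lZ` output on stdin and print "<file> <type>" for each file
# whose SELinux type differs from EXPECTED_TYPE.
mislabelled() {
    awk -v want="$EXPECTED_TYPE" '
        {
            # Find the context field (user:role:type:level); the time
            # field also contains ":" but splits into only two parts.
            for (i = 1; i <= NF; i++) {
                if (split($i, ctx, ":") >= 4 && ctx[2] ~ /_r$/) {
                    if (ctx[3] != want) print $NF, ctx[3]
                    break
                }
            }
        }'
}

# Check a certificate directory on a live SELinux system.
# Usage: check_cert_dir DIR [1]   (second argument 1 = relabel with restorecon)
# Returns 0 if all labels match, 1 if any differ, 2 if restorecon is missing.
check_cert_dir() {
    dir=$1
    fix=${2:-0}
    command -v restorecon >/dev/null 2>&1 || {
        echo "restorecon not found" >&2
        return 2
    }
    bad=$(ls -lZ "$dir" | mislabelled)
    [ -z "$bad" ] && return 0
    echo "$bad"
    # Relabel according to the loaded policy, as done by hand in the report.
    [ "$fix" = 1 ] && restorecon -v "$dir"/*
    return 1
}

# Demo on the constructed sample; prints: ca.crt data_home_t
printf '%s\n' "$SAMPLE_LISTING" | mislabelled
```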