[Bug 175047] Review Request: NetworkManager-openvpn

bugzilla at redhat.com bugzilla at redhat.com
Tue Jul 11 00:34:31 UTC 2006 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: NetworkManager-openvpn


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175047





------- Additional Comments From bjohnson at symetrix.com  2006-07-10 20:25 EST -------
Observations:

1) When a new VPN is added, it does not appear until after NetworkManager is
restarted.  Ideally, it would show up immediately.

2) There is still some interaction with selinux that needs to be dealt with
(this output was run in permissive mode to capture full set of messages):

Jul 10 18:25:24 localhost kernel: audit(1152577524.671:21): avc:  denied  {
node_bind } for  pid=2781 comm="openvpn" saddr=127.0.0.1 src=1194
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:lo_node_t:s0 tclass=tcp_socket
Jul 10 18:25:24 localhost kernel: audit(1152577524.671:22): avc:  denied  {
search } for  pid=2781 comm="openvpn" name="etc" dev=dm-1 ino=818771
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=user_u:object_r:user_home_t:s0 tclass=dir
Jul 10 18:25:24 localhost kernel: audit(1152577524.671:23): avc:  denied  { read
} for  pid=2781 comm="openvpn" name="bjohnson.crt" dev=dm-1 ino=818840
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=user_u:object_r:user_home_t:s0 tclass=file
Jul 10 18:25:24 localhost kernel: audit(1152577524.671:24): avc:  denied  {
getattr } for  pid=2781 comm="openvpn" name="bjohnson.crt" dev=dm-1 ino=818840
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=user_u:object_r:user_home_t:s0 tclass=file
Jul 10 18:25:30 localhost kernel: audit(1152577530.332:25): avc:  denied  { read
write } for  pid=2781 comm="openvpn" name="tun" dev=tmpfs ino=1315
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
Jul 10 18:25:30 localhost kernel: audit(1152577530.332:26): avc:  denied  {
ioctl } for  pid=2781 comm="openvpn" name="tun" dev=tmpfs ino=1315
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file

3) On the "Create VPN Connection 2 of 2" screen, if you click the "Optional
Information" area, the window expands well outside of the borders of my display
(1440x900).  I would guess that you want to try to stay near the lowest common
denominator, maybe 600 pixels tall.

Other than that, it looks good, and useful (bug from comment #9 is gone).


-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the package-review mailing list