openvpn and script execution

[Mr Dash Four]

> whether they have any access at all depends on what access you specify.
> So unless you allow your new domain to interact with the type foro that location, access is denied.
>   
That's what I thought - this domain will need read access to this 
directory, but since it has already been labelled openvpn_etc_t and I 
can't add another SELinux label I need to grant openvpn_sudo_t the same 
permission to openvpn_etc_t as openvpn_t currently has (the macro name 
used to do this in openvpn.te escapes me at the moment but I will find it).