openvpn and script execution
Dominick Grift
domg472 at gmail.com
Mon Sep 13 19:20:14 UTC 2010
On Mon, Sep 13, 2010 at 08:17:53PM +0100, Mr Dash Four wrote:
>
> >whether they have any access at all depends on what access you specify.
> >So unless you allow your new domain to interact with the type foro that location, access is denied.
> That's what I thought - this domain will need read access to this
> directory, but since it has already been labelled openvpn_etc_t and
> I can't add another SELinux label I need to grant openvpn_sudo_t the
> same permission to openvpn_etc_t as openvpn_t currently has (the
> macro name used to do this in openvpn.te escapes me at the moment
> but I will find it).
Why even put it there. shouldnt it just be in /usr/sbin/ or something?
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20100913/a9ab5c9e/attachment.bin
More information about the selinux
mailing list