openvpn and script execution

Moray Henderson Moray.Henderson at ict-software.org
Tue Sep 14 08:30:06 UTC 2010


Mr Dash Four wrote:
>> Why even put it there. Shouldn't it just be in /usr/sbin/ or something?
>>
>Then I would need to grant permission to /usr/bin in both openvpn_sudo_t
>AND openvpn_t ... or am I missing something?
>
>Also, one of the scripts creates ".route-up-started" (though that is
>executed by root and within the /etc/init.d/openvpn domain), so I am not
>sure how this is going to work out.

The way the Samba policy module does things is to define a specific
directory for scripts:

samba.fc:
...
/var/lib/samba/scripts(/.*)?	gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0)
...

This way you keep the scripts separate from ordinary system binaries,
they automatically get the correct type when installed from rpm, and you
don't need to create a new file context every time you add a script.


Moray.
"To err is human.  To purr, feline"
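
Added example, not part of the original message or of the Samba policy: a small Python sketch of how the directory pattern quoted above resolves paths, showing that a script added to the directory later picks up the type with no new entry, while a sibling directory sharing the prefix does not. The sample paths and script names are constructed, and treating the last matching spec as the winner is a simplifying assumption about real file_contexts matching.

```python
import re

# The samba.fc entry quoted in the message above, written on one line.
FC_SOURCE = """
/var/lib/samba/scripts(/.*)?    gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0)
"""

# Fields: path regex, optional file-type flag (-- regular file, -d directory, ...),
# then gen_context(context,level).
SPEC_RE = re.compile(r"^(\S+)\s+(?:(-[-dbclsp])\s+)?gen_context\(([^,]+),([^)]+)\)$")


def parse_fc(text):
    """Return a list of (compiled path regex, file-type flag or None, full context)."""
    specs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SPEC_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised file context line: {line!r}")
        path_re, flag, context, level = m.groups()
        specs.append((re.compile(path_re), flag, f"{context}:{level}"))
    return specs


def lookup(specs, path, flag=None):
    """Context for path, or None if no spec matches.

    A spec has to match the whole path, hence fullmatch(). Simplification
    (assumption): when several specs match, the last one wins.
    """
    result = None
    for regex, spec_flag, context in specs:
        if regex.fullmatch(path) and spec_flag in (None, flag):
            result = context
    return result


if __name__ == "__main__":
    specs = parse_fc(FC_SOURCE)
    # Constructed sample paths; the script names are made up.
    for p in ("/var/lib/samba/scripts",
              "/var/lib/samba/scripts/adduser.sh",
              "/var/lib/samba/scripts-old/adduser.sh",
              "/usr/bin/adduser.sh"):
        print(f"{p:42} -> {lookup(specs, p)}")
```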
