|Main Archive Page > Month Archives > fedora-selinux archives|
>> That did the trick!
>> It was good that you've included this as a separate module so that I
>> could test it, otherwise I had to patch and recompile the whole
>> policy, then rebuild the image in order to test it and see whether
>> it works.
>> I take it to make this a 'permanent' solution I have to patch and
>> include 'kernel_request_load_module(openvpn_t)' in openvpn.te
>> (forming part of the -44 policy), is that right?
> Yes but Fedora should fix this. It is already fixed in f14 (v3.8.8-14). they just need to back port this to f13/f12
Agreed. I am waiting to see if this patch is going to work in the event
of connection reset/time out (in situations when the connection needs to
be re-established - with/without closing the tun device and possibly
re-establishing the ip address, routing and all other parameters) - in
that case the tun kernel module should already be loaded so if anything
goes wrong I am expecting 'relablefrom' avc to pop up. If not, then all
is well and I am applying this patch permanently.
-- selinux mailing list firstname.lastname@example.org https://admin.fedoraproject.org/mailman/listinfo/selinux