This is actually a "multi-part" question..... I'm on F16 using KDE.
As a regular user I'm attempting to create an openVPN configuration
which uses X.509 certs. I wanted to place the certs in $HOME/.openVPN
but ran into a problem. The logs showed the following error:
Jan 15 10:31:51 f16-1 nm-openvpn: Cannot load certificate file
library:fopen:Permission denied: error:20074002:BIO
routines:FILE_CTRL:system lib: error:140AD002:SSL
After a bunch of head scratching and diagnosing I guessed that it must
have been due to an selinux setting and confirmed this by switching to
There were no log entries for the selinux denial. I saw in the archives
the pointer to http://danwalsh.livejournal.com/11673.html but running
the suggested "semodule -DB" didn't result in what I expected. I didn't
get any "usable" error message but these appeared instead.
Jan 15 10:36:05 f16-1 sedispatch: AVC Message for setroubleshoot,
So, I have (I think) 2 questions.....
1. What would need to be done to have meaningful selinux messages
written to the logs so they can be troubleshot?
2. What change could be made to allow the certs to be in $HOME/.openVPN?
Another comment would also be.... Why is the default situation that no
log entries or alerts are created? Doesn't that obscure the fact that a
selinux issue is preventing something and making it harder to diagnose?
--
selinux mailing list
email@example.com
https://admin.fedoraproject.org/mailman/listinfo/selinux
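
An added example, not part of the original post: once denials are being recorded (for instance after the "semodule -DB" step the post mentions), each one is an AVC record in the audit log, and this sketch reduces such records to the source type, target type, class and permission involved. The sample records, the openvpn_t and user_home_t types, and the file names are constructed assumptions, not output from the poster's system.

```python
import re
from collections import Counter

# Constructed audit records (not from the original post); the SELinux types,
# pids, inode numbers and file names are assumptions chosen for illustration.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1326641511.101:201): avc:  denied  { read } for  pid=2210 comm="openvpn" name="client.crt" dev=dm-1 ino=39211 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1326641511.101:201): arch=c000003e syscall=2 success=no exit=-13 comm="openvpn"
type=AVC msg=audit(1326641512.507:202): avc:  denied  { search } for  pid=2210 comm="openvpn" name=".openVPN" dev=dm-1 ino=39200 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1326641513.000:203): avc:  denied  { read } for  pid=2210 comm="openvpn" name="client.key" dev=dm-1 ino=39212 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1326641514.000:204): avc:  granted  { setenforce } for  pid=2300 comm="setenforce" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None for any other audit record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(m['fields'])}
    rec.update(result=m['result'], perms=m['perms'].split(), serial=int(m['serial']))
    return rec

def type_of(context):
    # A context is user:role:type:level[:categories]; the type is the third field.
    return context.split(':')[2]

def summarize_denials(text):
    """Count denials per (source type, target type, class, permission)."""
    counts, names = Counter(), {}
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec['result'] != 'denied':
            continue
        for perm in rec['perms']:
            key = (type_of(rec['scontext']), type_of(rec['tcontext']), rec['tclass'], perm)
            counts[key] += 1
            names.setdefault(key, set()).add(rec.get('name', '?'))
    return counts, names

if __name__ == "__main__":
    counts, names = summarize_denials(SAMPLE_AUDIT_LOG)
    for key, n in counts.most_common():
        print(n, *key, sorted(names[key]))
```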