| 1 |
On Thu, Feb 12, 2015 at 11:37 PM, Joseph <syscon780@×××××.com> wrote: |
| 2 |
> No, the problem in Fedora was thier "selinux". I suppose to be some extra |
| 3 |
> security, but it seems to me it creates only more problems. |
| 4 |
|
| 5 |
A common observation with SELinux. Even so, it definitely DOES |
| 6 |
provide additional security. It is a standard Linux feature and |
| 7 |
available on Gentoo as well. If the configuration isn't right (and it |
| 8 |
is easy to get it wrong) then you'll have problems. |
| 9 |
|
| 10 |
I forget all the details of SELinux, but you should be able to put it |
| 11 |
in a mode that logs but does not enforce. Using those logs you should |
| 12 |
be able to determine exactly what roles/permissions/labels/etc are |
| 13 |
missing. I suspect that if you just dumped the relevant logs on |
| 14 |
Fedora's bugzilla that they'd fix their openvpn package for you. If I |
| 15 |
had a working SELinux setup I wouldn't be too quick to just completely |
| 16 |
disable it over one package. |
| 17 |
|
| 18 |
-- |
| 19 |
Rich |
Archives