Can't launch OpenVPN on Fedora 32 due to SELinux preventing access to the key

NetworkManager allows you to add certs to an OpenVPN connection, but the connection fails with SELinux enabled.

You know it's SELinux because the connection works when you switch SELinux enforcement off:

# SELinux permissive (not enforcing): NM OpenVPN works
setenforce 0

# SELinux enforcing: NM OpenVPN fails
setenforce 1

Find the denial using ausearch:

ausearch -c openvpn
time->Fri Jul 10 11:44:19 2020
type=AVC msg=audit(1594345459.224:436): avc:  denied  { open } for  pid=28723 comm="openvpn" path="/home/user/GDrive/Toggen/OpenVPN/tgn-ln01-key.key" dev="nvme0n1p4" ino=4266932 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0

Using audit2allow fails because of the error described in the following bug report:

https://bugzilla.redhat.com/show_bug.cgi?id=1731135#c1

To allow NetworkManager OpenVPN connections to work:

Copy the cert into the $HOME/.cert/nm-openvpn folder and then point NetworkManager at it

Or relabel the cert as per the Red Hat Bugzilla report:

semanage fcontext -a -t home_cert_t /home/user/GDrive/Toggen/OpenVPN/tgn-ln01-key.key
restorecon -v /home/user/GDrive/Toggen/OpenVPN/tgn-ln01-key.key
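
The following script is an added example, not part of the original post: it reads AVC records such as the ausearch output above, keeps only file denials where the openvpn_t domain hit a user_home_t label, and prints (without running) the matching relabel commands. The function names and the second, unrelated httpd record are constructed for illustration; because semanage fcontext interprets its file spec as a regular expression, the path is escaped so the rule covers that one file only.

```shell
#!/bin/sh
# Added example: turn openvpn AVC denials into relabel commands (printed, not run).

# Constructed sample input: the denial from this post plus an unrelated
# httpd record that must be ignored.
SAMPLE_AVC='type=AVC msg=audit(1594345459.224:436): avc:  denied  { open } for  pid=28723 comm="openvpn" path="/home/user/GDrive/Toggen/OpenVPN/tgn-ln01-key.key" dev="nvme0n1p4" ino=4266932 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1594345460.100:437): avc:  denied  { read } for  pid=900 comm="httpd" path="/home/user/index.html" dev="nvme0n1p4" ino=42 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# denied_paths: read AVC records on stdin and print each file path that the
# openvpn_t domain was denied on because the file is labelled user_home_t.
denied_paths() {
    grep 'avc:  *denied' |
    grep 'scontext=[^ ]*:openvpn_t:' |
    grep 'tcontext=[^ ]*:user_home_t:' |
    grep 'tclass=file' |
    sed -n 's/.* path="\([^"]*\)".*/\1/p' |
    sort -u
}

# fcontext_regex: escape regex metacharacters in a path, since semanage
# fcontext treats the file spec as a regular expression ("." matches any char).
fcontext_regex() {
    printf '%s\n' "$1" | sed 's/[][\.*^$+?(){}|]/\\&/g'
}

# relabel_commands: print (do not execute) the commands for each denied path,
# so they can be reviewed before being run as root.
relabel_commands() {
    denied_paths | while IFS= read -r p; do
        printf "semanage fcontext -a -t home_cert_t '%s'\n" "$(fcontext_regex "$p")"
        printf "restorecon -v '%s'\n" "$p"
    done
}

# Demo on the constructed sample; on a real system pipe in `ausearch -c openvpn`.
printf '%s\n' "$SAMPLE_AVC" | relabel_commands
```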
