Can’t launch OpenVPN on Fedora 32 due to SELinux preventing access to key

by | Jul 10, 2020 | Fedora, IT Tips | 0 comments

NetworkManager allows you to add certs to an OpenVPN connection, but the connection fails with SELinux enabled.

You know it's SELinux because the connection works once SELinux enforcement is switched off (permissive mode):

# SELinux permissive (not enforcing): NM OpenVPN works
setenforce 0
 
# SELinux enforcing: NM OpenVPN fails
setenforce 1

Find the error using ausearch:

ausearch -c openvpn
time->Fri Jul 10 11:44:19 2020
type=AVC msg=audit(1594345459.224:436): avc:  denied  { open } for  pid=28723 comm="openvpn" path="/home/user/GDrive/Toggen/OpenVPN/tgn-ln01-key.key" dev="nvme0n1p4" ino=4266932 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0

Using audit2allow fails because of the error in the following bug report:

https://bugzilla.redhat.com/show_bug.cgi?id=1731135#c1

To allow NetworkManager OpenVPN connections to work:

Copy the cert into the $HOME/.cert/nm-openvpn folder and then point NetworkManager at it.

Or relabel the cert as per the Red Hat Bugzilla report:

semanage fcontext -a -t home_cert_t /home/user/GDrive/Toggen/OpenVPN/tgn-ln01-key.key
restorecon -v /home/user/GDrive/Toggen/OpenVPN/tgn-ln01-key.key
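
When several key and cert files are affected, the relabel commands can be derived from the denial records themselves. The script below is an added example, not part of the original post: it reads ausearch output on stdin and prints, without running them, the semanage/restorecon pair for every file where openvpn_t was denied on a user_home_t object. The function names are made up for illustration, and SAMPLE is the denial record quoted above.

```shell
# Added example. Real use: ausearch -c openvpn | relabel_cmds
# SAMPLE is the AVC record from this post, embedded so the script runs offline.
SAMPLE='type=AVC msg=audit(1594345459.224:436): avc:  denied  { open } for  pid=28723 comm="openvpn" path="/home/user/GDrive/Toggen/OpenVPN/tgn-ln01-key.key" dev="nvme0n1p4" ino=4266932 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# avc_field KEY: print the value of KEY from each record on stdin, quotes stripped.
avc_field() {
    sed -n "s/.* $1=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p"
}

# context_type: the type is the third field of user:role:type:level.
context_type() {
    cut -d: -f3
}

# denied_paths: unique paths of regular files in user_home_t that openvpn_t
# was denied access to. Other domains, types and classes are ignored.
denied_paths() {
    grep 'type=AVC.*denied' | while IFS= read -r rec; do
        src=$(printf '%s\n' "$rec" | avc_field scontext | context_type)
        tgt=$(printf '%s\n' "$rec" | avc_field tcontext | context_type)
        cls=$(printf '%s\n' "$rec" | avc_field tclass)
        path=$(printf '%s\n' "$rec" | avc_field path)
        [ "$src" = openvpn_t ] && [ "$tgt" = user_home_t ] && [ "$cls" = file ] || continue
        # Skip hex-encoded (unquoted, non-absolute) paths and paths that would
        # break the single quoting used in the printed commands.
        case $path in
            *"'"*) continue ;;
            /*) ;;
            *) continue ;;
        esac
        printf '%s\n' "$path"
    done | sort -u
}

# relabel_cmds: print the two commands from this post for each denied path.
relabel_cmds() {
    denied_paths | while IFS= read -r p; do
        printf "semanage fcontext -a -t home_cert_t '%s'\n" "$p"
        printf "restorecon -v '%s'\n" "$p"
    done
}
```

Review the printed commands before running them as root: home_cert_t should only be applied to the specific key and certificate files, not to whole directories.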
