Can’t launch OpenVPN on Fedora 32 due to SELinux preventing access to key

Written by James McDonald

July 10, 2020

NetworkManager allows you to add certs to an OpenVPN connection, but the connection fails when SELinux is enforcing.

You know it’s SELinux because the connection works when you switch SELinux to permissive mode:

# SELinux permissive: NM OpenVPN works
setenforce 0

# SELinux enforcing: NM OpenVPN fails
setenforce 1

Find the denial using ausearch:

ausearch -c openvpn
time->Fri Jul 10 11:44:19 2020
type=AVC msg=audit(1594345459.224:436): avc:  denied  { open } for  pid=28723 comm="openvpn" path="/home/user/GDrive/Toggen/OpenVPN/tgn-ln01-key.key" dev="nvme0n1p4" ino=4266932 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0

Using audit2allow on this denial fails because of the error described in the following bug report:

https://bugzilla.redhat.com/show_bug.cgi?id=1731135#c1

To allow NetworkManager OpenVPN connections to work, do one of the following.

Copy the cert into the $HOME/.cert/nm-openvpn folder and then point NetworkManager at it.

Or relabel the cert as per the Red Hat Bugzilla report:

semanage fcontext -a -t home_cert_t /home/user/GDrive/Toggen/OpenVPN/tgn-ln01-key.key
restorecon -v /home/user/GDrive/Toggen/OpenVPN/tgn-ln01-key.key
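The relabel above can be derived from the denial itself: the AVC record shows openvpn_t being refused open on a file labelled user_home_t. The script below is an added example, not part of the original post; it parses an AVC line and prints the matching semanage and restorecon commands. The function names avc_field, shell_quote and suggest_relabel are made up for this example, and SAMPLE_AVC is the denial from this page.

```shell
#!/bin/sh
# Added example: turn an openvpn AVC denial into the relabel commands used above.
# SAMPLE_AVC is the denial shown on this page; function names are hypothetical.
SAMPLE_AVC='type=AVC msg=audit(1594345459.224:436): avc:  denied  { open } for  pid=28723 comm="openvpn" path="/home/user/GDrive/Toggen/OpenVPN/tgn-ln01-key.key" dev="nvme0n1p4" ino=4266932 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# avc_field LINE KEY: print the value of KEY= from an AVC record.
avc_field() {
    # Try the quoted form first (path="..."), then the bare form (scontext=...).
    v=$(printf '%s\n' "$1" | sed -n "s/.* $2=\"\([^\"]*\)\".*/\1/p")
    [ -n "$v" ] || v=$(printf '%s\n' "$1" | sed -n "s/.* $2=\([^ ]*\).*/\1/p")
    printf '%s\n' "$v"
}

# shell_quote STRING: single-quote STRING so it can be pasted into a shell.
shell_quote() {
    printf "'%s'\n" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# suggest_relabel LINE: print the relabel commands for the case on this page.
# Returns 1 for any other domain/type pair, 2 if the path is unusable.
suggest_relabel() {
    src=$(avc_field "$1" scontext | cut -d: -f3)   # type is the 3rd field
    tgt=$(avc_field "$1" tcontext | cut -d: -f3)
    path=$(avc_field "$1" path)
    if [ "$src" != openvpn_t ] || [ "$tgt" != user_home_t ]; then
        echo "not an openvpn_t -> user_home_t denial: $src -> $tgt" >&2
        return 1
    fi
    case $path in
        /*) ;;
        *)  # audit hex-encodes paths containing spaces, so no leading slash
            echo "path is not a plain absolute path: $path" >&2
            return 2 ;;
    esac
    # semanage treats the file spec as a regular expression
    printf 'semanage fcontext -a -t home_cert_t %s\n' "$(shell_quote "$path")"
    printf 'restorecon -v %s\n' "$(shell_quote "$path")"
}

# Demo on the sample; for real use pass one line from: ausearch -c openvpn
suggest_relabel "$SAMPLE_AVC"
```

Review the printed commands before running them as root; the script deliberately refuses any denial other than openvpn_t reading user_home_t so it cannot be used to relabel arbitrary files.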
