From: Rich Freeman <rich0@gentoo.org>
To: gentoo-user@lists.gentoo.org
Date: Fri, 13 Feb 2015 06:50:39 -0500
Subject: Re: [gentoo-user] Re: systemd + openvpn

On Thu, Feb 12, 2015 at 11:37 PM, Joseph <syscon780@gmail.com> wrote:
> No, the problem in Fedora was their "selinux". It's supposed to be some extra
> security, but it seems to me it creates only more problems.

A common observation with SELinux. Even so, it definitely DOES provide
additional security. It is a standard Linux feature and available on
Gentoo as well. If the configuration isn't right (and it is easy to
get it wrong) then you'll have problems.

I forget all the details of SELinux, but you should be able to put it
in a mode that logs but does not enforce. Using those logs you should
be able to determine exactly what roles/permissions/labels/etc are
missing. I suspect that if you just dumped the relevant logs on
Fedora's bugzilla that they'd fix their openvpn package for you.

If I had a working SELinux setup I wouldn't be too quick to just
completely disable it over one package.

--
Rich
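
Added example, not part of the original message: a small Python parser that reads AVC denial records of the kind SELinux writes while in permissive (log-only) mode and groups them by source type, target type and object class, which is the information a bug report about a package's policy needs. The log lines, paths and type names are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1423800000.101:412): avc:  denied  { read } for  pid=2101 comm="openvpn" name="client.key" dev="dm-0" ino=5311 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1423800000.102:413): avc:  denied  { open } for  pid=2101 comm="openvpn" path="/home/joe/client.key" dev="dm-0" ino=5311 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1423800000.102:413): arch=c000003e syscall=2 success=yes exit=4 comm="openvpn"
type=AVC msg=audit(1423800000.240:414): avc:  denied  { name_bind } for  pid=2101 comm="openvpn" src=11940 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=1
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_denials(text):
    """Return one dict per AVC denial; non-AVC and incomplete records are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m["rest"])}
        if not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue
        denials.append({
            "perms": m["perms"].split(),
            "comm": fields.get("comm"),
            # A context is user:role:type[:level]; the type is the third field.
            "source": fields["scontext"].split(":")[2],
            "target": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
            # Older kernels omit permissive=, so a missing field reads as False.
            "permissive": fields.get("permissive") == "1",
        })
    return denials


def summarize(denials):
    """Merge denials into one line per (source type, target type, class)."""
    grouped = defaultdict(set)
    for d in denials:
        grouped[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return [f"{s} -> {t}:{c} {{ {' '.join(sorted(p))} }}"
            for (s, t, c), p in sorted(grouped.items())]


if __name__ == "__main__":
    print("\n".join(summarize(parse_denials(SAMPLE_LOG))))
```

The summary is a starting point for review rather than a list of rules to allow: a target type such as `user_home_t` on a key file can indicate a mislabeled file, where relabeling is the fix instead of a policy change.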