On 5/30/07, Daniel J Walsh <dwalsh at redhat.com> wrote: > Easiest thing to do is update policy with these two rules. > > # grep openvpn /var/log/audit/audit.log | audit2allow -M myopenvpn > # semodule -i myopenvpn.pp > > This will add the following rules: > allow openvpn_t pppd_t:fd use; > allow openvpn_t self:process execstack; > > The pppd_t:fd is probably a leaked file descriptor and could probably be > dontaudited. > The execstack is potentially a problem in openvpn_t. This is probably a > coding problem and should be reported as a bug/ Daniel, do you mean a bug in SElinux or OpenVPN? Best regards, Bernd.