[GH-ISSUE #9] SELinux policy for CentOS7 #6

Closed
opened 2026-02-25 22:30:44 +03:00 by kerem · 1 comment

Originally created by @rene00 on GitHub (Jan 22, 2016).
Original GitHub issue: https://github.com/evgeny-gridasov/openvpn-otp/issues/9

Below is the SELinux policy I had to implement for CentOS7, which differs from what is found within the README. I was running the targeted policy.

```
allow openvpn_t pppd_etc_t:dir search;
allow openvpn_t pppd_etc_t:file { read getattr open };
```

Below also works.

```
$ yum install policycoreutils-python \
    selinux-policy-devel
$ cat - <<EOF > openvpn_otp.te
module openvpn_otp 1.0;

require {
        type openvpn_t;
        type pppd_etc_t;
        class dir { search getattr open };
        class file { ioctl lock read getattr open };
}

#============= openvpn_t ==============
read_files_pattern(openvpn_t, pppd_etc_t, pppd_etc_t)
EOF
$ make -f /usr/share/selinux/devel/Makefile openvpn_otp.pp
$ semodule --install openvpn_otp.pp
```
kerem closed this issue 2026-02-25 22:30:44 +03:00

@evgeny-gridasov commented on GitHub (Jan 31, 2016):

Thanks! Fixed in a412cc1552
