From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 08 Oct 2008 16:07:09 -0400
Subject: [refpolicy] services_openvpn.patch
In-Reply-To: <48DA9F75.6040201@redhat.com>
References: <48DA9F75.6040201@redhat.com>
Message-ID: <1223496429.2165.122.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2008-09-24 at 16:13 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_openvpn.patch
> 
> Add initrc script support
> 
> allow admin to start/stop service
> 
> Admin needs admin_pattern on all file types
> 
> Addition files in /var/log/openvpn need correcl labeling
> 
> needs setgid and sys_chroot
> 
> can exec scrpt files in the config directory
> 
> connect to httpd port
> 
>  Need to interact with terminals if config option "auth-user-pass" is used

Merged except for the terminals change, since sysadm is redundant and
the unconfined part is missing too.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150