From: paul@city-fan.org (Paul Howarth)
Date: Tue, 01 Sep 2009 14:32:19 +0100
Subject: [refpolicy] services_openvpn.patch
In-Reply-To: <4A9D130B.4040501@redhat.com>
References: <4A9C1161.4040402@redhat.com> <4A9CDBCE.4010106@city-fan.org>
	<4A9D130B.4040501@redhat.com>
Message-ID: <4A9D2263.5090908@city-fan.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 01/09/09 13:26, Daniel J Walsh wrote:
> On 09/01/2009 04:31 AM, Paul Howarth wrote:
>> On 31/08/09 19:07, Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_openvpn.patch
>>>
>>>
>>> Openvpn connects to cache ports and stores files in nfs and cifs
>>> directories.
>>
>> Under what circumstances does openvpn connect to http or http_cache ports?
>>
>> Paul.
>
> I think they are using it to connect through firewalls.
>
> Google openvpn and 80 gives you 174000 messages talking about running openvpn through port 80.

Ah right, so it'll use http_cache_t to do this with a proxy too.

Understood.

Paul.