1

How to understand an SELinux file "permission denied" issue? [closed]

asked 2015-04-29 20:27:55 -0500

Steve HHH

updated 2015-04-29 20:32:14 -0500

The following error appears in /var/log/messages when I attempt to start OpenVPN from the Xfce NetworkManager applet (it can't open /home/me/openvpn/client.crt) using Fedora 21:

Apr 29 15:53:59 l512 nm-openvpn[30077]: Cannot load certificate file /home/me/openvpn/client.crt: error:0200100D:system library:fopen:Permission denied: error:2006D002:BIO routines:BIO_new_file:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Apr 29 15:53:59 l512 nm-openvpn[30077]: Exiting due to fatal error
Apr 29 15:53:59 l512 NetworkManager: (nm-openvpn-service:30072): nm-openvpn-WARNING **: openvpn exited with error code 1

If I disable SELinux, this error does not occur, and OpenVPN connects successfully.

I don't want to disable SELinux, but I've found the SELinux documentation impenetrable. What do I need to do to SELinux in order to allow the NetworkManager applet read access to the certificate file /home/me/openvpn/client.crt?

I'm not asking for the exact command, per se, but where do I need to look to understand what's trying to access the file, why access is denied, and which section(s) of the SELinux documentation to understand how to fix it? The file has permissions 0600.


Closed for the following reason duplicate question by Steve HHH
close date 2015-04-30 16:40:06.795222


1 Answer

2

answered 2015-04-29 20:51:23 -0500

aeperezt

Add a .cert folder and copy the certification files there. Change the path on your VPN connection so it works with the .cert folder.


Comments

Thanks! Copying the certificates to ~/.cert works, if you reset the SELinux permissions with the restorecon -R -v ~/.cert command, as mentioned in this answer to a similar question.

Steve HHH ( 2015-04-29 23:54:30 -0500 )
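
On the question of where to look: SELinux records each denial as an AVC record in the audit log, naming the process, its domain, the file and the file's label. The parser below is an added example, not part of the original posts; the sample records are constructed, and the type names openvpn_t and user_home_t are assumptions based on Fedora's targeted policy.

```python
import re

# Constructed sample records in audit.log AVC format (not taken from the page).
# The types openvpn_t and user_home_t are assumed from Fedora's targeted policy.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1430340839.123:456): avc:  denied  { open } for  pid=30077 comm="openvpn" path="/home/me/openvpn/client.crt" dev="dm-2" ino=1311 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1430340839.123:456): arch=c000003e syscall=2 success=no exit=-13 comm="openvpn" exe="/usr/sbin/openvpn"
type=AVC msg=audit(1430340901.500:470): avc:  denied  { read } for  pid=30110 comm="openvpn" name="client.key" dev="dm-2" ino=1312 scontext=system_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict describing one AVC denial, or None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    # A context is user:role:type:level; policy rules match on the type field.
    return {
        'process': fields.get('comm'),
        'object': fields.get('path') or fields.get('name'),
        'perms': m.group('perms').split(),
        'source_type': fields['scontext'].split(':')[2],  # domain of the process
        'target_type': fields['tcontext'].split(':')[2],  # label on the file
        'tclass': fields.get('tclass'),
        'enforced': fields.get('permissive', '0') == '0',
    }


def denials(log_text):
    """Parse every AVC denial found in a block of audit log text."""
    return [d for d in map(parse_avc, log_text.splitlines()) if d]


def explain(d):
    """One-line summary: who was denied what, on which object and label."""
    return ('{process} (domain {source_type}) was denied {perms} on {tclass} '
            '{object} labelled {target_type}').format(
                **{**d, 'perms': '/'.join(d['perms'])})


if __name__ == '__main__':
    for denial in denials(SAMPLE_AUDIT_LOG):
        print(explain(denial))
```

On a live system the same records are in /var/log/audit/audit.log or the output of `ausearch -m avc`, and `ls -Z` shows the label a file currently carries. The ordinary 0600 mode bits are not what the denial reports; the mismatch is between the process domain and the file's type.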
