Merge pull request #104 from croepha/selinux

Selinux policy and docs
2016-02-17 15:07:15 -08:00
parent 70b70e298d 9b824fb35a
commit bd51bb273e
3 changed files with 31 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -171,3 +171,8 @@ of a guarantee in the future.
     * OpenVPN core 3.0 android armv7a thumb2 32-bit
  * OS X Mavericks with Tunnelblick 3.4beta26 (build 3828) using openvpn-2.3.4
  * ArchLinux OpenVPN pkg 2.3.4-1
+  * 
+
+## Having permissions issues with Selinux enabled?
+
+See [this](docs/selinux.md)
--- a/docs/docker-openvpn.te
+++ b/docs/docker-openvpn.te
@@ -0,0 +1,10 @@
+module docker-openvpn 1.0;
+
+require {
+	type svirt_lxc_net_t;
+	class tun_socket create;
+}
+
+#============= svirt_lxc_net_t ==============
+allow svirt_lxc_net_t self:tun_socket create;
+
--- a/docs/selinux.md
+++ b/docs/selinux.md
@@ -0,0 +1,16 @@
+# For hosts that use SELinux
+
+Try this [policy file](docker-openvpn.te)
+
+Run these commands to compile and load it:
+
+```
+checkmodule -M -m -o docker-openvpn.mod docker-openvpn.te
+semodule_package -o docker-openvpn.pp -m docker-openvpn.mod
+sudo semodule -i docker-openvpn.pp
+```
+
+# Still having issues?
+
+In January 2016, Fedora based systems got an update that fixed an issue for labeling namespaced net objects under /proc
+to fix, make sure that you have run `sudo dnf update` and you need to reboot to load the new policies