From 8356a664d80bfc982007e5ed4d4e7a8bd72df364 Mon Sep 17 00:00:00 2001
From: David Butler
Date: Wed, 10 Feb 2016 12:25:45 -0600
Subject: [PATCH 1/4] Added linux policy file
---
 docs/docker-openvpn.te | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 docs/docker-openvpn.te
diff --git a/docs/docker-openvpn.te b/docs/docker-openvpn.te
new file mode 100644
index 0000000..d3a1d22
--- /dev/null
+++ b/docs/docker-openvpn.te
@@ -0,0 +1,10 @@
+module docker-openvpn 1.0;
+
+require {
+ type svirt_lxc_net_t;
+ class tun_socket create;
+}
+
+#============= svirt_lxc_net_t ==============
+allow svirt_lxc_net_t self:tun_socket create;
+
From 44055aa687fc95cc0138f79bde82c921269ac03b Mon Sep 17 00:00:00 2001
From: David Butler
Date: Wed, 10 Feb 2016 12:34:35 -0600
Subject: [PATCH 2/4] added docs for SELinux policy file
---
 docs/selinux.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 docs/selinux.md
diff --git a/docs/selinux.md b/docs/selinux.md
new file mode 100644
index 0000000..106d0fd
--- /dev/null
+++ b/docs/selinux.md
@@ -0,0 +1,16 @@
+# For hosts that use SELinux
+
+Try this [policy file](docker-openvpn.te)
+
+Run these commands to compile and load it:
+
+```
+checkmodule -M -m -o docker-openvpn.mod docker-openvpn.te
+semodule_package -o docker-openvpn.pp -m docker-openvpn.mod
+sudo semodule -i docker-openvpn.pp
+```
+
+# Still having issues?
+
+In January 2016, Fedora bases systems got an update that fixed an issue for labeling namespaced net objects under /proc
+to fix, make sure that you have run `sudo dnf update` and you need to reboot to load the new policies
From 7a9abf4c14388a09797186c082b509ffb9e1ca86 Mon Sep 17 00:00:00 2001
From: David Butler
Date: Wed, 10 Feb 2016 12:37:56 -0600
Subject: [PATCH 3/4] Update README.md
---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/README.md b/README.md
index 2099c33..604b9c7 100644
--- a/README.md
+++ b/README.md
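Review bot: The rule `allow svirt_lxc_net_t self:tun_socket create;` in docs/docker-openvpn.te is granted to the shared `svirt_lxc_net_t` domain, so once the module is loaded it applies to every process confined with that type on the host, presumably every container running with the default label, and not only to the OpenVPN one. The file carries only the generated section banner and says nothing about that scope. I would add a header comment such as `# Host-wide: lets every svirt_lxc_net_t container create tun sockets, not only docker-openvpn.` so that whoever loads the module sees the trade-off. If a narrower grant is wanted, a dedicated type for this container would avoid widening the shared one.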
@@ -171,3 +171,8 @@ of a guarantee in the future.
 * OpenVPN core 3.0 android armv7a thumb2 32-bit
 * OS X Mavericks with Tunnelblick 3.4beta26 (build 3828) using openvpn-2.3.4
 * ArchLinux OpenVPN pkg 2.3.4-1
+ *
+
+## Having permissions issues with Selinux enabled?
+
+See [this](docs/selinux.md)
From 9b824fb35ab69c92a94cada81ad5e7d76d2f6bbc Mon Sep 17 00:00:00 2001
From: David Butler
Date: Wed, 10 Feb 2016 13:01:54 -0600
Subject: [PATCH 4/4] Fix typo
---
 docs/selinux.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/selinux.md b/docs/selinux.md
index 106d0fd..e35c04d 100644
--- a/docs/selinux.md
+++ b/docs/selinux.md
@@ -12,5 +12,5 @@ sudo semodule -i docker-openvpn.pp
 
 # Still having issues?
 
-In January 2016, Fedora bases systems got an update that fixed an issue for labeling namespaced net objects under /proc
+In January 2016, Fedora based systems got an update that fixed an issue for labeling namespaced net objects under /proc
 to fix, make sure that you have run `sudo dnf update` and you need to reboot to load the new policies