Opened 9 years ago

Last modified 7 years ago

#479 new Bug / Defect

Ensure documentation recommends using /var/log for --status files

Reported by: David Sommerseth
Owned by:
Priority: minor
Milestone: release 2.4
Component: Documentation
Version: OpenVPN 2.3.2 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords: selinux documentation
Cc:

Description

There are several misconfigurations which make openvpn fail due to --status /etc/openvpn/openvpn-status.log being used instead of /var/log/openvpn-status.log. This happens especially on systems with SELinux enabled, as most SELinux policies do not grant the openvpn process write privileges in /etc.

As the --status file is more like a log file (most examples even use a .log extension), placing it in /var/log makes more sense and matches most SELinux policies as well. I suggest using /var/log/openvpn-status.log in all examples.

# semanage fcontext --list | grep openvpn-status
/var/log/openvpn-status\.log.*    regular file    system_u:object_r:openvpn_status_t:s0 

More reports on this issue in Fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1002240
https://bugzilla.redhat.com/show_bug.cgi?id=1134967
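
A check for the misconfiguration described above, as an added example that is not part of the original ticket: it scans OpenVPN config files for status directives and reports any whose path does not start with /var/log/openvpn-status.log, the pattern shown in the semanage listing. The function name check_status_paths and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the ticket: flag OpenVPN "status" directives whose
# path falls outside the pattern labelled openvpn_status_t in the listing above.

# Prints "file:line:path" per offending directive; returns 1 if any were found.
check_status_paths() {
    awk -v sq="'" '
        /^[ \t]*([#;]|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # Config files accept the option with or without the leading "--".
            if (line !~ /^(--)?status[ \t]+/) next
            sub(/^(--)?status[ \t]+/, "", line)
            # First argument is the file; it may be quoted. A trailing
            # refresh interval ("status file 10") is ignored.
            c = substr(line, 1, 1)
            if (c == "\"" || c == sq) {
                line = substr(line, 2)
                pos = index(line, c)
                if (pos) line = substr(line, 1, pos - 1)
            } else {
                sub(/[ \t].*$/, "", line)
            }
            # Relative paths resolve against the working directory, so they
            # never match the labelled /var/log pattern and are flagged too.
            if (line !~ /^\/var\/log\/openvpn-status\.log/) {
                printf "%s:%d:%s\n", FILENAME, FNR, line
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample config, used only to show the output format.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
port 1194
status /etc/openvpn/openvpn-status.log
;status /var/log/openvpn-status.log
status "/var/log/openvpn-status.log" 10
--status openvpn-status.log
EOF
check_status_paths "$demo_conf" || echo "status file outside /var/log"
rm -f "$demo_conf"
```

On a host with SELinux enforcing, a clean result from this check only confirms the path; the file's actual label can still be verified with ls -Z.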
