Opened 5 years ago

#560 new Bug / Defect

HOWTO improvements - chroot locations

Reported by: David Sommerseth Owned by:
Priority: minor Milestone:
Component: Documentation Version:
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: howto chroot
Cc:

Description

The official OpenVPN HOWTO could need some improvements to avoid bad configurations.

On todays Linux systems, there may be security mechanisms (SELinux, apparmor, Tomoyo, etc) which may restrict where chroots can be located. If a wrong location is used, OpenVPN will not work.

We cannot and should not have specific guides for any of these security mechanisms - as how they are configured and works is a broad topic. But the default security configurations normally follow fairly standard and defacto specifications. So for example, they will most likely not appreciate chroots in /etc.

So I propose we add some information about typical/common directories for chroots which covers the Unix "spirit". The goal is to teach users to do the right thing, which hopefully will reduce the amount of support on these topics.

If there are similar options in OpenVPN which could be covered by this ticket, feel free to expand this ticket for those options. But don't let it be too broad ;-)

Change History (0)

Note: See TracTickets for help on using tickets.