Open zero88 opened 3 years ago
sudo semanage fcontext -a -t NetworkManager_etc_t '/app/vpnclient/runtime/vpn-runtime-nameserver.conf'
sudo restorecon -v '/app/vpnclient/runtime/vpn-runtime-nameserver.conf'
sudo semanage fcontext -a -t dhcpc_state_t '/app/vpnclient/runtime'
sudo restorecon -v '/app/vpnclient/runtime'
Pushed first commit to build SELinux policy in order to run client on Fedora or SELinux enabled systems
Quoting the original content of the README file:
Tested on Fedora
Prerequisite packages:
Other prerequisites:
playio-vpnc executable folder path exists; it defaults to /app
setsebool -P domain_can_mmap_files 1
setsebool -P domain_kernel_load_modules 1
setsebool -P daemons_enable_cluster_mode 1
Build and install the policy:
Change to the selinux folder and run the command below:
make -f /usr/share/selinux/devel/Makefile playio_vpnc.pp
semodule -i playio_vpnc.pp
restorecon -FRv /app
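A post-install check for the steps above, as an added example that is not part of the original comment or the project's code. The function names are hypothetical, the expected types and booleans are the ones on this page, and it assumes GNU `stat -c %C` for reading a file's context and the usual `name --> on` output of `getsebool`.

```shell
#!/bin/sh
# Added example: confirm that the file contexts and booleans set by the
# commands on this page are actually in effect on the host.

# Print the type field (3rd of user:role:type:level) of a security context.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# check_label <expected_type> <context>: succeeds only if the types match.
check_label() {
    [ "$(context_type "$2")" = "$1" ]
}

# check_bool <name> <getsebool output>: succeeds only for "<name> --> on".
check_bool() {
    printf '%s\n' "$2" |
        awk -v n="$1" '$1 == n && $2 == "-->" && $3 == "on" { ok = 1 } END { exit !ok }'
}

# Run every check against the live system; returns non-zero on any mismatch.
audit_host() {
    rc=0
    while read -r want path; do
        ctx=$(stat -c %C "$path" 2>/dev/null) || { echo "MISSING    $path"; rc=1; continue; }
        check_label "$want" "$ctx" ||
            { echo "MISLABELED $path: $(context_type "$ctx"), want $want"; rc=1; }
    done <<EOF
NetworkManager_etc_t /app/vpnclient/runtime/vpn-runtime-nameserver.conf
dhcpc_state_t /app/vpnclient/runtime
EOF
    for b in domain_can_mmap_files domain_kernel_load_modules daemons_enable_cluster_mode; do
        check_bool "$b" "$(getsebool "$b" 2>/dev/null)" || { echo "BOOL OFF   $b"; rc=1; }
    done
    return "$rc"
}

# Only touch the host when asked to: sh check.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

A non-zero exit from `--audit` after `restorecon` usually means the `semanage fcontext` rule was not added or a later relabel replaced the type.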
Is your feature request related to a problem? Please describe.
Mandatory Access Control
Some access is denied by Linux security when using vpnclient, which makes the DNS resolver unable to process automatically.
Create profile to support:
ubuntu/debian/archlinux
centos/fedora/rhel
SELINUX Guide
On IoT devices, it isn't enabled by default, but should be in the future. So provide this enhancement as optional, then let the user decide whether to use it.
Hardening option for systemd service