OpenVPN can be configured to launch a script each time a client connect.
In this script, I would like to send a mail using the classic /bin/mail command.
SELinux doesn't allow this.
It would be nice to have a boolean like Apache: httpd_can_sendmail or maybe a different context for the scripts.
Currently OpenVPN has only openvpn_enable_homedirs.
Since I am no SELinux expert, I used a simple workaround:
(inspired from http://darkness.codefu.org/wordpress/20 ... -centos-5/)
Code: Select all
$ cat openvpn_cc.te
I am using CentOS 6.3 and openvpn-2.2.2
My questions are:
- Should I post upstream to Fedora ??
- Should I try to set a context for the script or is it OK to allow openvpn to send mail ?