Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-29 Thread David Balazic
Hi! As this discussion has not much to do with the rc19 release, would you please change the subject ? Like "OpenVPN and SELinux" or "Securing the OpenVPN process" ... Thanks, David > -Original Message- > From: Karl O. Pinc [mailto:k...@meme.com] > Sent: Wednesday, July 29, 2009 6:17

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-29 Thread Karl O. Pinc
On 07/28/2009 11:47:57 PM, Alon Bar-Lev wrote: > Well, > I do not understand you guys. > > If you think SELinux is so great, why do you need chroot? > It is like you put some money in safe, and then put the safe into > another safe, it never ends... Why only two safe, let's put another > safe... >

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-29 Thread Michael H. Warfield
On Wed, 2009-07-29 at 07:47 +0300, Alon Bar-Lev wrote: > Well, > I do not understand you guys. > If you think SELinux is so great, why do you need chroot? > It is like you put some money in safe, and then put the safe into > another safe, it never ends... Why only two safe, let's put another > saf

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-29 Thread David Sommerseth
On 29/07/09 03:49, Karl O. Pinc wrote: > On 07/28/2009 04:22:09 PM, Sebastien Raveau wrote: > > >> If I understand you correctly, that is, if you are suggesting that >> OpenVPN should automatically apply a SELinux context if setcon() is >> available... I'll have to disagree with you. Not that I r

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-29 Thread Sebastien Raveau
On Wed, Jul 29, 2009 at 6:47 AM, Alon Bar-Lev wrote: > Well, > I do not understand you guys. > > If you think SELinux is so great, why do you need chroot? > It is like you put some money in safe, and then put the safe into > another safe, it never ends... Why only two safe, let's put another > safe

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-29 Thread David Sommerseth
On 29/07/09 06:47, Alon Bar-Lev wrote: > Well, > I do not understand you guys. > > If you think SELinux is so great, why do you need chroot? > It is like you put some money in safe, and then put the safe into > another safe, it never ends... Why only two safe, let's put another > safe... > I know

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-29 Thread Alon Bar-Lev
Well, I do not understand you guys. If you think SELinux is so great, why do you need chroot? It is like you put some money in safe, and then put the safe into another safe, it never ends... Why only two safe, let's put another safe... I know that this is the approach many of security advisors use

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-29 Thread Karl O. Pinc
On 07/28/2009 04:22:09 PM, Sebastien Raveau wrote: > If I understand you correctly, that is, if you are suggesting that > OpenVPN should automatically apply a SELinux context if setcon() is > available... I'll have to disagree with you. Not that I reject the > idea of enforcing security measures