OpenVPN + SSH + Google Auth + SELinux

Use the following SELinux policy module if you want to enable OpenVPN and SSH via Google Auth:

module openvpncustom 1.0;

require {
type openvpn_t;
type user_home_t;
type auth_home_t;
type sshd_t;
type openvpn_etc_t;
type etc_t;
type user_home_dir_t;
class dir { add_name remove_name write };
class file { create getattr open read rename unlink write };
}

#============= openvpn_t ==============

#!!!! This avc is allowed in the current policy
allow openvpn_t auth_home_t:file { create getattr open read rename unlink write };
allow openvpn_t user_home_t:file open;

#!!!! This avc is allowed in the current policy
allow openvpn_t etc_t:file write;

#!!!! This avc is allowed in the current policy
allow openvpn_t openvpn_etc_t:file write;

#!!!! This avc is allowed in the current policy
allow openvpn_t user_home_dir_t:dir { add_name remove_name write };

#!!!! This avc is allowed in the current policy
allow openvpn_t user_home_dir_t:file { create getattr open read rename unlink write };

#============= sshd_t ==============
#!!!! This avc is allowed in the current policy
allow sshd_t user_home_dir_t:file { open read unlink getattr };
allow sshd_t user_home_t:file unlink;

Save the above in openvpncustom.te.
Then run the following to compile and install the SELinux module:

yum install selinux-policy-devel
checkmodule -M -m -o openvpncustom.mod openvpncustom.te
semodule_package -o openvpncustom.pp -m openvpncustom.mod
semodule -i openvpncustom.pp
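
Before loading a module built from AVC denials, it helps to see which of its rules grant modifying access to generically labelled objects. The following Python review aid is an added example, not part of the original post: it parses the allow rules of the openvpncustom module above and lists those that let a domain modify files or directories labelled etc_t, user_home_t or user_home_dir_t. The GENERIC_TYPES and MODIFYING lists and the function names are this example's own assumptions, not part of any SELinux tool.

```python
import re

# Allow rules copied from the openvpncustom module on this page.
MODULE_TE = """
allow openvpn_t auth_home_t:file { create getattr open read rename unlink write };
allow openvpn_t user_home_t:file open;
allow openvpn_t etc_t:file write;
allow openvpn_t openvpn_etc_t:file write;
allow openvpn_t user_home_dir_t:dir { add_name remove_name write };
allow openvpn_t user_home_dir_t:file { create getattr open read rename unlink write };
allow sshd_t user_home_dir_t:file { open read unlink getattr };
allow sshd_t user_home_t:file unlink;
"""

# Assumption: reviewer-chosen lists for this example, adjust to your own policy.
GENERIC_TYPES = {"etc_t", "user_home_t", "user_home_dir_t"}
MODIFYING = {"write", "append", "create", "unlink", "rename", "setattr",
             "add_name", "remove_name"}

# Matches simple rules: allow <source> <target>:<class> <perm | { perms }>;
RULE = re.compile(r"^\s*allow\s+(\w+)\s+(\w+):(\w+)\s+(\{[^}]*\}|\w+)\s*;", re.M)

def parse_allow_rules(te_text):
    """Return (source, target, class, set_of_perms) for each simple allow rule."""
    rules = []
    for src, tgt, cls, perms in RULE.findall(te_text):
        rules.append((src, tgt, cls, set(perms.strip("{} ").split())))
    return rules

def review(te_text):
    """List rules that let a domain modify objects carrying a generic label."""
    findings = []
    for src, tgt, cls, perms in parse_allow_rules(te_text):
        risky = perms & MODIFYING
        if tgt in GENERIC_TYPES and risky:
            findings.append((src, tgt, cls, sorted(risky)))
    return findings

if __name__ == "__main__":
    for src, tgt, cls, perms in review(MODULE_TE):
        print(f"{src} -> {tgt}:{cls} can {', '.join(perms)}")
```

Rules it reports are candidates for narrowing, for example by giving the affected files a dedicated label instead of granting access to the generic type.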