trunk: add in polmatch for default spd.
parent
bdccbacdd6
commit
9820351703
@ -93,6 +93,43 @@ interface(`ipsec_read_config',`
|
||||
allow $1 ipsec_conf_file_t:file read_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Match the default SPD entry.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ipsec_match_default_spd',`
|
||||
gen_require(`
|
||||
type ipsec_spd_t;
|
||||
')
|
||||
|
||||
allow $1 ipsec_spd_t:association polmatch;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Set the context of a SPD entry to
|
||||
## the default context.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ipsec_setcontext_default_spd',`
|
||||
gen_require(`
|
||||
type ipsec_spd_t;
|
||||
')
|
||||
|
||||
allow $1 ipsec_spd_t:association setcontext;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Create, read, write, and delete the IPSEC pid files.
|
||||
@ -112,24 +149,6 @@ interface(`ipsec_manage_pid',`
|
||||
manage_files_pattern($1,ipsec_var_run_t,ipsec_var_run_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow to set an default security context of IPsec Policy.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ipsec_setcontext_default_spd',`
|
||||
gen_require(`
|
||||
type ipsec_spd_t;
|
||||
')
|
||||
|
||||
allow $1 ipsec_spd_t:association setcontext;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute racoon in the racoon domain.
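Review bot: The summary on the new `ipsec_match_default_spd` interface, "Match the default SPD entry.", does not tell a policy writer what the caller is granted, although the rule it wraps is `allow $1 ipsec_spd_t:association polmatch;`. As I read labeled IPsec, polmatch governs whether a domain's traffic may be matched against an SPD entry carrying that label, so a more explicit summary would help, for example `## Allow the domain's network traffic to match SPD entries labeled ipsec_spd_t (the default SPD type).`. The relocated `ipsec_setcontext_default_spd` has the same gap: its new summary, "Set the context of a SPD entry to the default context.", could name the grant as `association setcontext` on `ipsec_spd_t`, which appears to let the caller label SPD entries with that type. Both interfaces take any `$1`, so the doc block is the only place a caller learns the scope of what it is requesting.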
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(ipsec,1.4.3)
|
||||
policy_module(ipsec,1.4.4)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -74,6 +74,7 @@ interface(`unconfined_domain_noaudit',`
|
||||
|
||||
optional_policy(`
|
||||
ipsec_setcontext_default_spd($1)
|
||||
ipsec_match_default_spd($1)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(unconfined,2.0.1)
|
||||
policy_module(unconfined,2.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|