Two patches from Paul Moore to for ipsec to remove redundant rules and have setkey read the config file.

Chris PeBenito 2007-03-28 18:47:45 +00:00
parent 9e8f65c83e
commit a26923c32e
2 changed files with 9 additions and 3 deletions


@ -1,3 +1,5 @@
- Two patches from Paul Moore to for ipsec to remove redundant rules and
have setkey read the config file.
- Move booleans and tunables to modules when it is only used in a single - Move booleans and tunables to modules when it is only used in a single
module. module.
- Add support for tunables and booleans local to a module. - Add support for tunables and booleans local to a module.


@ -1,5 +1,5 @@
policy_module(ipsec,1.2.2) policy_module(ipsec,1.2.3)
######################################## ########################################
# #
@ -330,8 +330,6 @@ logging_send_syslog_msg(racoon_t)
miscfiles_read_localization(racoon_t) miscfiles_read_localization(racoon_t)
seutil_read_config(setkey_t)
######################################## ########################################
# #
# Setkey local policy # Setkey local policy
@ -341,6 +339,10 @@ allow setkey_t self:capability net_admin;
allow setkey_t self:key_socket { create read setopt write }; allow setkey_t self:key_socket { create read setopt write };
allow setkey_t self:netlink_route_socket create_netlink_socket_perms; allow setkey_t self:netlink_route_socket create_netlink_socket_perms;
allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
read_files_pattern(setkey_t,ipsec_conf_file_t,ipsec_conf_file_t)
read_lnk_files_pattern(setkey_t,ipsec_conf_file_t,ipsec_conf_file_t)
# allow setkey to set the context for ipsec SAs and policy. # allow setkey to set the context for ipsec SAs and policy.
allow setkey_t ipsec_spd_t:association setcontext; allow setkey_t ipsec_spd_t:association setcontext;
@ -349,6 +351,8 @@ domain_ipsec_setcontext_all_domains(setkey_t)
files_read_etc_files(setkey_t) files_read_etc_files(setkey_t)
init_dontaudit_use_fds(setkey_t)
locallogin_use_fds(setkey_t) locallogin_use_fds(setkey_t)
libs_use_ld_so(setkey_t) libs_use_ld_so(setkey_t)
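Review bot: The three new rules from `allow setkey_t ipsec_conf_file_t:dir list_dir_perms;` through `read_lnk_files_pattern(setkey_t,ipsec_conf_file_t,ipsec_conf_file_t)` carry no comment, unlike the adjacent `# allow setkey to set the context for ipsec SAs and policy.` line; I would add `# setkey reads the ipsec-tools configuration (ipsec_conf_file_t).` directly above them. Note that `read_files_pattern` grants read on every file labeled ipsec_conf_file_t, not only setkey's own config file; if racoon's pre-shared-key material carries that same label (not visible on this page), setkey_t now gains read access to it, which is worth confirming against the ipsec file contexts before merging. The final hunk, around `init_dontaudit_use_fds(setkey_t)`, may continue past the end of this page.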