vpn patch from Dan Walsh
fixed gen_require in vpn_relabelfrom_tun_socket interface (wrong type) removed userdom_read_home_certs (not in refpolicy)
This commit is contained in:
parent
155635e33d
commit
b5d89d0325
@ -110,7 +110,7 @@ interface(`vpn_signull',`
|
|||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`vpnc_dbus_chat',`
|
interface(`vpn_dbus_chat',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type vpnc_t;
|
type vpnc_t;
|
||||||
class dbus send_msg;
|
class dbus send_msg;
|
||||||
@ -119,3 +119,21 @@ interface(`vpnc_dbus_chat',`
|
|||||||
allow $1 vpnc_t:dbus send_msg;
|
allow $1 vpnc_t:dbus send_msg;
|
||||||
allow vpnc_t $1:dbus send_msg;
|
allow vpnc_t $1:dbus send_msg;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Relabelfrom from vpnc socket.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`vpn_relabelfrom_tun_socket',`
|
||||||
|
gen_require(`
|
||||||
|
type vpnc_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 vpnc_t:tun_socket relabelfrom;
|
||||||
|
')
|
||||||
|
@ -30,7 +30,7 @@ allow vpnc_t self:udp_socket create_socket_perms;
|
|||||||
allow vpnc_t self:rawip_socket create_socket_perms;
|
allow vpnc_t self:rawip_socket create_socket_perms;
|
||||||
allow vpnc_t self:unix_dgram_socket create_socket_perms;
|
allow vpnc_t self:unix_dgram_socket create_socket_perms;
|
||||||
allow vpnc_t self:unix_stream_socket create_socket_perms;
|
allow vpnc_t self:unix_stream_socket create_socket_perms;
|
||||||
allow vpnc_t self:tun_socket create_socket_perms;
|
allow vpnc_t self:tun_socket { create_socket_perms relabelfrom };
|
||||||
# cjp: this needs to be fixed
|
# cjp: this needs to be fixed
|
||||||
allow vpnc_t self:socket create_socket_perms;
|
allow vpnc_t self:socket create_socket_perms;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user