rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

vpn patch from Dan Walsh

Browse Source 
Edits:
 - Removed userdom_read_home_certs
This commit is contained in:
Jeremy Solt 2010-05-24 10:12:43 -04:00 committed by Chris PeBenito
parent 37194ac055
commit fdc0d0f77c
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
policy/modules/admin/vpn.te
View File

@ -31,7 +31,7 @@ allow vpnc_t self:udp_socket create_socket_perms;
allow vpnc_t self:rawip_socket create_socket_perms; allow vpnc_t self:rawip_socket create_socket_perms;
allow vpnc_t self:unix_dgram_socket create_socket_perms; allow vpnc_t self:unix_dgram_socket create_socket_perms;
allow vpnc_t self:unix_stream_socket create_socket_perms; allow vpnc_t self:unix_stream_socket create_socket_perms;
allow vpnc_t self:tun_socket create; allow vpnc_t self:tun_socket { create_socket_perms };
# cjp: this needs to be fixed # cjp: this needs to be fixed
allow vpnc_t self:socket create_socket_perms; allow vpnc_t self:socket create_socket_perms;
@ -46,6 +46,7 @@ files_pid_filetrans(vpnc_t, vpnc_var_run_t, { file dir})
kernel_read_system_state(vpnc_t) kernel_read_system_state(vpnc_t)
kernel_read_network_state(vpnc_t) kernel_read_network_state(vpnc_t)
kernel_read_all_sysctls(vpnc_t) kernel_read_all_sysctls(vpnc_t)
kernel_request_load_module(vpnc_t)
kernel_rw_net_sysctls(vpnc_t) kernel_rw_net_sysctls(vpnc_t)
corenet_all_recvfrom_unlabeled(vpnc_t) corenet_all_recvfrom_unlabeled(vpnc_t)
@ -115,3 +116,7 @@ optional_policy(`
networkmanager_dbus_chat(vpnc_t) networkmanager_dbus_chat(vpnc_t)
') ')
') ')
optional_policy(`
networkmanager_attach_tun_iface(vpnc_t)
')