## Virtual Private Networking client ######################################## ## ## Execute VPN clients in the vpnc domain. ## ## ## ## Domain allowed access. ## ## # interface(`vpn_domtrans',` gen_require(` type vpnc_t, vpnc_exec_t; ') domtrans_pattern($1, vpnc_exec_t, vpnc_t) ') ######################################## ## ## Execute VPN clients in the vpnc domain, and ## allow the specified role the vpnc domain. ## ## ## ## Domain allowed access. ## ## ## ## ## Role allowed access. ## ## ## # interface(`vpn_run',` gen_require(` type vpnc_t; ') vpn_domtrans($1) role $2 types vpnc_t; sysnet_run_ifconfig(vpnc_t, $2) ') ######################################## ## ## Send VPN clients the kill signal. ## ## ## ## Domain allowed access. ## ## # interface(`vpn_kill',` gen_require(` type vpnc_t; ') allow $1 vpnc_t:process sigkill; ') ######################################## ## ## Send generic signals to VPN clients. ## ## ## ## Domain allowed access. ## ## # interface(`vpn_signal',` gen_require(` type vpnc_t; ') allow $1 vpnc_t:process signal; ') ######################################## ## ## Send signull to VPN clients. ## ## ## ## Domain allowed access. ## ## # interface(`vpn_signull',` gen_require(` type vpnc_t; ') allow $1 vpnc_t:process signull; ') ######################################## ## ## Send and receive messages from ## Vpnc over dbus. ## ## ## ## Domain allowed access. ## ## # interface(`vpn_dbus_chat',` gen_require(` type vpnc_t; class dbus send_msg; ') allow $1 vpnc_t:dbus send_msg; allow vpnc_t $1:dbus send_msg; ') ######################################## ## ## Relabelfrom from vpnc socket. ## ## ## ## Domain allowed access. ## ## # interface(`vpn_relabelfrom_tun_socket',` gen_require(` type vpnc_t; ') allow $1 vpnc_t:tun_socket relabelfrom; ')