Bump module versions for release.
[people/stevee/selinux-policy.git] / policy / modules / admin / vpn.te
index 7eb40c318936b46d054778b5725b31e1c904dfc2..c19d502f6139179e5fb1158c12336b8ff6ab871a 100644 (file)
@@ -1,5 +1,5 @@
 
-policy_module(vpn, 1.8.2)
+policy_module(vpn, 1.13.0)
 
 ########################################
 #
@@ -31,6 +31,7 @@ allow vpnc_t self:udp_socket create_socket_perms;
 allow vpnc_t self:rawip_socket create_socket_perms;
 allow vpnc_t self:unix_dgram_socket create_socket_perms;
 allow vpnc_t self:unix_stream_socket create_socket_perms;
+allow vpnc_t self:tun_socket create_socket_perms;
 # cjp: this needs to be fixed
 allow vpnc_t self:socket create_socket_perms;
 
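Review bot: The added `allow vpnc_t self:tun_socket create_socket_perms;` grants the whole generic socket permission set on a class where, as far as I know, the kernel's tun hooks check only `create` and the relabel/attach permissions. A narrower rule such as `allow vpnc_t self:tun_socket create;` (adding `relabelfrom` only if attaching to an existing device is denied) would keep the domain closer to least privilege; confirm against AVC denials before tightening. It also sits directly above the catch-all `self:socket` rule already marked "this needs to be fixed", so a one-line comment such as `# tun device creation for the VPN tunnel` would help the next audit of this block.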
@@ -45,19 +46,20 @@ files_pid_filetrans(vpnc_t, vpnc_var_run_t, { file dir})
 kernel_read_system_state(vpnc_t)
 kernel_read_network_state(vpnc_t)
 kernel_read_all_sysctls(vpnc_t)
+kernel_request_load_module(vpnc_t)
 kernel_rw_net_sysctls(vpnc_t)
 
 corenet_all_recvfrom_unlabeled(vpnc_t)
 corenet_all_recvfrom_netlabel(vpnc_t)
-corenet_tcp_sendrecv_all_if(vpnc_t)
-corenet_udp_sendrecv_all_if(vpnc_t)
-corenet_raw_sendrecv_all_if(vpnc_t)
-corenet_tcp_sendrecv_all_nodes(vpnc_t)
-corenet_udp_sendrecv_all_nodes(vpnc_t)
-corenet_raw_sendrecv_all_nodes(vpnc_t)
+corenet_tcp_sendrecv_generic_if(vpnc_t)
+corenet_udp_sendrecv_generic_if(vpnc_t)
+corenet_raw_sendrecv_generic_if(vpnc_t)
+corenet_tcp_sendrecv_generic_node(vpnc_t)
+corenet_udp_sendrecv_generic_node(vpnc_t)
+corenet_raw_sendrecv_generic_node(vpnc_t)
 corenet_tcp_sendrecv_all_ports(vpnc_t)
 corenet_udp_sendrecv_all_ports(vpnc_t)
-corenet_udp_bind_all_nodes(vpnc_t)
+corenet_udp_bind_generic_node(vpnc_t)
 corenet_udp_bind_generic_port(vpnc_t)
 corenet_udp_bind_isakmp_port(vpnc_t)
 corenet_udp_bind_ipsecnat_port(vpnc_t)
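Review bot: `kernel_request_load_module(vpnc_t)` is added without any comment, and it is the one new privilege in this hunk that reaches beyond networking: it lets the domain ask the kernel to autoload modules. The same domain already holds `corecmd_exec_all_executables`, so the reason deserves to be recorded, e.g. `# tun driver may need to be autoloaded when the tunnel device is opened` (presumably the motivation; confirm). Separately, the `_all_if`/`_all_nodes` to `_generic_if`/`_generic_node` replacements appear to cover only generically labelled interfaces and nodes. Hosts that label interfaces or nodes with custom types may then see new denials for vpnc_t, which is worth checking before release.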
@@ -76,8 +78,8 @@ domain_use_interactive_fds(vpnc_t)
 fs_getattr_xattr_fs(vpnc_t)
 fs_getattr_tmpfs(vpnc_t)
 
-term_use_all_user_ptys(vpnc_t)
-term_use_all_user_ttys(vpnc_t)
+term_use_all_ptys(vpnc_t)
+term_use_all_ttys(vpnc_t)
 
 corecmd_exec_all_executables(vpnc_t)
 
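Review bot: Replacing `term_use_all_user_ptys`/`term_use_all_user_ttys` with `term_use_all_ptys`/`term_use_all_ttys` reads, from the interface names, as widening terminal access from user terminals to every pty and tty type. If vpnc only needs the invoking user's terminal to prompt for credentials, something narrower such as `userdom_use_user_terminals(vpnc_t)` (if available in this tree) would limit what a compromised vpnc_t can read from or write to. If the wider grant is intentional, a comment stating why would make that clear to later reviewers.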
@@ -90,8 +92,6 @@ auth_use_nsswitch(vpnc_t)
 
 libs_exec_ld_so(vpnc_t)
 libs_exec_lib_files(vpnc_t)
-libs_use_ld_so(vpnc_t)
-libs_use_shared_libs(vpnc_t)
 
 locallogin_use_fds(vpnc_t)
 
@@ -107,12 +107,16 @@ sysnet_etc_filetrans_config(vpnc_t)
 sysnet_manage_config(vpnc_t)
 
 userdom_use_all_users_fds(vpnc_t)
-userdom_dontaudit_search_all_users_home_content(vpnc_t)
+userdom_dontaudit_search_user_home_content(vpnc_t)
 
 optional_policy(`
-       dbus_system_bus_client_template(vpnc, vpnc_t)
+       dbus_system_bus_client(vpnc_t)
 
        optional_policy(`
                networkmanager_dbus_chat(vpnc_t)
        ')
 ')
+
+optional_policy(`
+       networkmanager_attach_tun_iface(vpnc_t)
+')
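Review bot: The new top-level `optional_policy` block calling `networkmanager_attach_tun_iface(vpnc_t)` has no comment saying what it permits or that it depends on the `self:tun_socket` rule added earlier in the file. A line above the block such as `# let NetworkManager attach to the tun interface created by vpnc` (wording to be confirmed against the interface definition) would tie the two together. In the same hunk, the dontaudit line now names `user_home_content` rather than all users' home content. If that narrows the set of silenced denials, expect new home-directory search AVCs from vpnc_t and triage them rather than widening the dontaudit again.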