-policy_module(vpn, 1.10.1)
+policy_module(vpn, 1.13.0)
########################################
#
allow vpnc_t self:rawip_socket create_socket_perms;
allow vpnc_t self:unix_dgram_socket create_socket_perms;
allow vpnc_t self:unix_stream_socket create_socket_perms;
+allow vpnc_t self:tun_socket create_socket_perms;
# cjp: this needs to be fixed
allow vpnc_t self:socket create_socket_perms;
kernel_read_system_state(vpnc_t)
kernel_read_network_state(vpnc_t)
kernel_read_all_sysctls(vpnc_t)
+kernel_request_load_module(vpnc_t)
kernel_rw_net_sysctls(vpnc_t)
corenet_all_recvfrom_unlabeled(vpnc_t)
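Review bot: The added `kernel_request_load_module(vpnc_t)` in the kernel_* group has no comment naming the module vpnc is expected to trigger, and the permission it grants is not scoped to a single module. The same commit adds a `tun_socket` rule and `networkmanager_attach_tun_iface(vpnc_t)`, so the intent is presumably autoloading of the tun driver; a line such as `# vpnc opens the tun device, which may trigger autoload of the tun module` above the call would record that. Because the visible context already gives this domain `corecmd_exec_all_executables` and send/receive on all ports, it is worth confirming the rule answers an observed AVC denial before it is kept.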
corenet_tcp_sendrecv_generic_if(vpnc_t)
corenet_udp_sendrecv_generic_if(vpnc_t)
corenet_raw_sendrecv_generic_if(vpnc_t)
-corenet_tcp_sendrecv_all_nodes(vpnc_t)
-corenet_udp_sendrecv_all_nodes(vpnc_t)
-corenet_raw_sendrecv_all_nodes(vpnc_t)
+corenet_tcp_sendrecv_generic_node(vpnc_t)
+corenet_udp_sendrecv_generic_node(vpnc_t)
+corenet_raw_sendrecv_generic_node(vpnc_t)
corenet_tcp_sendrecv_all_ports(vpnc_t)
corenet_udp_sendrecv_all_ports(vpnc_t)
-corenet_udp_bind_all_nodes(vpnc_t)
+corenet_udp_bind_generic_node(vpnc_t)
corenet_udp_bind_generic_port(vpnc_t)
corenet_udp_bind_isakmp_port(vpnc_t)
corenet_udp_bind_ipsecnat_port(vpnc_t)
fs_getattr_xattr_fs(vpnc_t)
fs_getattr_tmpfs(vpnc_t)
-term_use_all_user_ptys(vpnc_t)
-term_use_all_user_ttys(vpnc_t)
+term_use_all_ptys(vpnc_t)
+term_use_all_ttys(vpnc_t)
corecmd_exec_all_executables(vpnc_t)
networkmanager_dbus_chat(vpnc_t)
')
')
+
+optional_policy(`
+ networkmanager_attach_tun_iface(vpnc_t)
+')