[selinux-policy: 2261/3172] openvpn patch from dan: Openvpn connects to cache ports and stores files in nfs and cifs directories

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:20:47 UTC 2010


commit f2f296ba6064f9ba343888e1a658425311890896
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Sep 2 09:24:10 2009 -0400

    openvpn patch from dan: Openvpn connects to cache ports and stores files in nfs and cifs directories.

 policy/modules/services/openvpn.te |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index b7853fe..4ad43ef 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -1,5 +1,5 @@
 
-policy_module(openvpn, 1.8.1)
+policy_module(openvpn, 1.8.2)
 
 ########################################
 #
@@ -87,6 +87,7 @@ corenet_tcp_bind_openvpn_port(openvpn_t)
 corenet_udp_bind_openvpn_port(openvpn_t)
 corenet_tcp_connect_openvpn_port(openvpn_t)
 corenet_tcp_connect_http_port(openvpn_t)
+corenet_tcp_connect_http_cache_port(openvpn_t)
 corenet_rw_tun_tap_dev(openvpn_t)
 corenet_sendrecv_openvpn_server_packets(openvpn_t)
 corenet_sendrecv_openvpn_client_packets(openvpn_t)
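Review bot: The added `corenet_tcp_connect_http_cache_port(openvpn_t)` is unconditional and carries no comment, so every openvpn_t process gains outbound TCP connect to all ports labelled as HTTP cache ports, whether or not a proxy is configured. If the purpose is running OpenVPN through an HTTP proxy (inferred from the commit message, not stated in the file), say so above the rule, e.g. `# needed when the tunnel is established through an HTTP proxy on a cache port`. Placing the rule behind a boolean would keep the domain tighter for sites without a proxy, but the neighbouring `corenet_tcp_connect_http_port` rule is unconditional too, so that is a decision for the module owner.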
@@ -115,6 +116,16 @@ tunable_policy(`openvpn_enable_homedirs',`
 	userdom_read_user_home_content_files(openvpn_t)
 ')
 
+tunable_policy(`openvpn_enable_homedirs && use_nfs_home_dirs',`
+        fs_read_nfs_files(openvpn_t)
+        fs_read_nfs_symlinks(openvpn_t)
+')  
+
+tunable_policy(`openvpn_enable_homedirs && use_samba_home_dirs',`
+        fs_read_cifs_files(openvpn_t)
+        fs_read_cifs_symlinks(openvpn_t)
+')  
+
 optional_policy(`
 	daemontools_service_domain(openvpn_t, openvpn_exec_t)
 ')
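Review bot: The two new `tunable_policy` blocks grant read access by filesystem type, which is wider than the home-content read in the `openvpn_enable_homedirs` block above them (that block starts outside the hunk). NFS and CIFS mounts normally carry a single label for all their content unless mounted with an explicit context, so with these booleans on openvpn_t can presumably read every file on such mounts, not only home directories. That deserves a comment on each block, e.g. `# remote filesystems are labelled per mount, so this exposes all NFS content to openvpn_t, not just home directories`. The commit message says OpenVPN "stores files" there while the rules are read-only; the read-only grant is the safer choice, but the description and the rules should agree. As a style point, the new lines are indented with eight spaces and `')` has trailing whitespace, where the surrounding policy uses tabs.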

