[selinux-policy: 2261/3172] openvpn patch from dan: Openvpn connects to cache ports and stores files in nfs and cifs directories
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:20:47 UTC 2010
commit f2f296ba6064f9ba343888e1a658425311890896
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Sep 2 09:24:10 2009 -0400
openvpn patch from dan: Openvpn connects to cache ports and stores files in nfs and cifs directories.
policy/modules/services/openvpn.te | 13 ++++++++++++-
1 files changed, 12 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index b7853fe..4ad43ef 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -1,5 +1,5 @@
-policy_module(openvpn, 1.8.1)
+policy_module(openvpn, 1.8.2)
########################################
#
@@ -87,6 +87,7 @@ corenet_tcp_bind_openvpn_port(openvpn_t)
corenet_udp_bind_openvpn_port(openvpn_t)
corenet_tcp_connect_openvpn_port(openvpn_t)
corenet_tcp_connect_http_port(openvpn_t)
+corenet_tcp_connect_http_cache_port(openvpn_t)
corenet_rw_tun_tap_dev(openvpn_t)
corenet_sendrecv_openvpn_server_packets(openvpn_t)
corenet_sendrecv_openvpn_client_packets(openvpn_t)
@@ -115,6 +116,16 @@ tunable_policy(`openvpn_enable_homedirs',`
userdom_read_user_home_content_files(openvpn_t)
')
+tunable_policy(`openvpn_enable_homedirs && use_nfs_home_dirs',`
+ fs_read_nfs_files(openvpn_t)
+ fs_read_nfs_symlinks(openvpn_t)
+')
+
+tunable_policy(`openvpn_enable_homedirs && use_samba_home_dirs',`
+ fs_read_cifs_files(openvpn_t)
+ fs_read_cifs_symlinks(openvpn_t)
+')
+
optional_policy(`
daemontools_service_domain(openvpn_t, openvpn_exec_t)
')
More information about the scm-commits
mailing list