[selinux-policy: 2687/3172] vpn patch from Dan Walsh

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:58:56 UTC 2010


commit fdc0d0f77cab8f17024912aa105c309de7e03be0
Author: Jeremy Solt <jsolt at tresys.com>
Date:   Mon May 24 10:12:43 2010 -0400

    vpn patch from Dan Walsh
    
    Edits:
     - Removed userdom_read_home_certs

 policy/modules/admin/vpn.te |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te
index 028ce05..7851da7 100644
--- a/policy/modules/admin/vpn.te
+++ b/policy/modules/admin/vpn.te
@@ -31,7 +31,7 @@ allow vpnc_t self:udp_socket create_socket_perms;
 allow vpnc_t self:rawip_socket create_socket_perms;
 allow vpnc_t self:unix_dgram_socket create_socket_perms;
 allow vpnc_t self:unix_stream_socket create_socket_perms;
-allow vpnc_t self:tun_socket create;
+allow vpnc_t self:tun_socket  { create_socket_perms };
 # cjp: this needs to be fixed
 allow vpnc_t self:socket create_socket_perms;
 
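Review bot: The `tun_socket` rule is widened from `create` to the whole `create_socket_perms` set, and neither the commit message nor a comment says which additional permission vpnc was actually denied. If only one or two are needed, listing them keeps the domain closer to least privilege; otherwise a short comment naming the observed denial would let a later audit confirm the grant is still required. The line also carries a doubled space and braces around a single macro, unlike the neighbouring socket rules; `allow vpnc_t self:tun_socket create_socket_perms;` would match them. The `networkmanager_attach_tun_iface(vpnc_t)` block added in the last hunk is likewise introduced without a stated reason.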
@@ -46,6 +46,7 @@ files_pid_filetrans(vpnc_t, vpnc_var_run_t, { file dir})
 kernel_read_system_state(vpnc_t)
 kernel_read_network_state(vpnc_t)
 kernel_read_all_sysctls(vpnc_t)
+kernel_request_load_module(vpnc_t)
 kernel_rw_net_sysctls(vpnc_t)
 
 corenet_all_recvfrom_unlabeled(vpnc_t)
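Review bot: `kernel_request_load_module(vpnc_t)` is added with no comment on which module vpnc is expected to pull in. This lets a domain that processes traffic from a remote peer trigger kernel module auto-loading, and the policy rule itself does not limit the request to one module, so the intent should be written down. Presumably this is for the tun driver; if so, a line such as `# vpnc triggers autoload of the tun module when it opens the tunnel device` above the call would do, after confirming it against the logged denial.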
@@ -115,3 +116,7 @@ optional_policy(`
 		networkmanager_dbus_chat(vpnc_t)
 	')
 ')
+
+optional_policy(`
+	networkmanager_attach_tun_iface(vpnc_t)
+')

