commit fdc0d0f77cab8f17024912aa105c309de7e03be0 Author: Jeremy Solt jsolt@tresys.com Date: Mon May 24 10:12:43 2010 -0400

vpn patch from Dan Walsh

Edits: - Removed userdom_read_home_certs

policy/modules/admin/vpn.te | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) --- diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te index 028ce05..7851da7 100644 --- a/policy/modules/admin/vpn.te +++ b/policy/modules/admin/vpn.te @@ -31,7 +31,7 @@ allow vpnc_t self:udp_socket create_socket_perms; allow vpnc_t self:rawip_socket create_socket_perms; allow vpnc_t self:unix_dgram_socket create_socket_perms; allow vpnc_t self:unix_stream_socket create_socket_perms; -allow vpnc_t self:tun_socket create; +allow vpnc_t self:tun_socket { create_socket_perms }; # cjp: this needs to be fixed allow vpnc_t self:socket create_socket_perms;

@@ -46,6 +46,7 @@ files_pid_filetrans(vpnc_t, vpnc_var_run_t, { file dir}) kernel_read_system_state(vpnc_t) kernel_read_network_state(vpnc_t) kernel_read_all_sysctls(vpnc_t) +kernel_request_load_module(vpnc_t) kernel_rw_net_sysctls(vpnc_t)

corenet_all_recvfrom_unlabeled(vpnc_t) @@ -115,3 +116,7 @@ optional_policy(` networkmanager_dbus_chat(vpnc_t) ') ') + +optional_policy(` + networkmanager_attach_tun_iface(vpnc_t) +')