Gentoo's Bugzilla – Attachment 406756 Details for
Bug 554834
sec-policy/selinux-ipsec: Add support for net-misc/strongswan
type enforcement additions
myipsec.te (text/plain), 2.49 KB, created by
Matthias Dahl
on 2015-07-14 07:57:41 UTC
Description:
type enforcement additions
Filename:
MIME Type:
Creator:
Matthias Dahl
Created:
2015-07-14 07:57:41 UTC
Size:
2.49 KB
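policy_module(myipsec, 1.0)

# Local additions to the existing ipsec policy. The module introduces a
# separate supervisor domain (ipsec_supervisor_t) that the management domain
# transitions into and that in turn starts the ipsec_t daemon.
# NOTE(review): the file contexts that label the supervisor executable are not
# part of this file; confirm that ipsec_supervisor_exec_t is assigned only to
# the intended binary, because everything below is granted to whatever runs
# from that label.
#
# Formatting: the quoting markers of the web rendering are removed, and
# interface calls are written without a trailing semicolon throughout (the
# original mixed both forms).

# Types owned by the base ipsec module that the rules below refer to.
# NOTE(review): ipsec_mgmt_exec_t is required but not referenced in this file.
gen_require(`
	type ipsec_t, ipsec_exec_t;
	type ipsec_mgmt_t, ipsec_mgmt_exec_t;
	type ipsec_conf_file_t, ipsec_key_file_t, ipsec_var_run_t;
')

########################################
#
# Declarations
#

type ipsec_supervisor_t;
type ipsec_supervisor_exec_t;
init_daemon_domain(ipsec_supervisor_t, ipsec_supervisor_exec_t)
# NOTE(review): init_daemon_domain() presumably already associates the domain
# with system_r; if so this line is redundant but harmless. Confirm.
role system_r types ipsec_supervisor_t;

########################################
#
# ipsec_t policy
#

# chown/setgid/setuid let the daemon change file ownership and switch its own
# identity; nlmsg_write lets it send modifying requests over the route socket.
allow ipsec_t self:capability { chown setgid setuid };
allow ipsec_t self:fifo_file rw_fifo_file_perms;
allow ipsec_t self:netlink_route_socket { create_netlink_socket_perms nlmsg_write };

kernel_rw_net_sysctls(ipsec_t)

########################################
#
# ipsec_mgmt_t policy
#

# The management domain may signal the supervisor and probe whether it exists
# (signull), and enters the supervisor domain by executing its entry point.
allow ipsec_mgmt_t ipsec_supervisor_t:process { signal signull };

domtrans_pattern(ipsec_mgmt_t, ipsec_supervisor_exec_t, ipsec_supervisor_t)

########################################
#
# ipsec_supervisor_t policy
#

# NOTE(review): dac_read_search and dac_override bypass the ordinary file
# permission checks, and kill bypasses the ownership check on signals. Type
# enforcement still applies, but these grants deserve a recorded
# justification (for example the AVC denial that prompted each one);
# dac_override in particular is often avoidable by correcting file ownership
# or modes, and already covers what dac_read_search allows.
allow ipsec_supervisor_t self:capability { net_admin dac_read_search dac_override kill };
allow ipsec_supervisor_t self:process { signal };
allow ipsec_supervisor_t self:fifo_file rw_fifo_file_perms;
allow ipsec_supervisor_t self:netlink_route_socket { create_netlink_socket_perms nlmsg_write };
allow ipsec_supervisor_t self:netlink_xfrm_socket create_netlink_socket_perms;

# Configuration is read-only for the supervisor.
allow ipsec_supervisor_t ipsec_conf_file_t:dir list_dir_perms;
read_files_pattern(ipsec_supervisor_t, ipsec_conf_file_t, ipsec_conf_file_t)

# Starting the daemon moves it into ipsec_t rather than leaving it in the
# supervisor domain.
domtrans_pattern(ipsec_supervisor_t, ipsec_exec_t, ipsec_t)

# NOTE(review): this grants create, write and delete on key material, not just
# read. If the supervisor only needs to load keys, read_files_pattern() would
# be the narrower grant; confirm which operations are actually required.
manage_files_pattern(ipsec_supervisor_t, ipsec_key_file_t, ipsec_key_file_t)

# Control channel to the daemon: connect to its stream socket and signal it.
allow ipsec_supervisor_t ipsec_t:unix_stream_socket { connectto };
allow ipsec_supervisor_t ipsec_t:process { signal };

# Runtime state under the pid directory.
# NOTE(review): the type transition below names sock_file, but no rule in this
# file grants the supervisor create on ipsec_var_run_t sock_files; either the
# socket is created by another domain, or a create permission is missing, or
# sock_file can be dropped from the transition. Confirm.
allow ipsec_supervisor_t ipsec_var_run_t:sock_file { rw_sock_file_perms unlink };
manage_dirs_pattern(ipsec_supervisor_t, ipsec_var_run_t, ipsec_var_run_t)
manage_files_pattern(ipsec_supervisor_t, ipsec_var_run_t, ipsec_var_run_t)
files_pid_filetrans(ipsec_supervisor_t, ipsec_var_run_t, { dir file sock_file })

kernel_read_network_state(ipsec_supervisor_t)
kernel_read_system_state(ipsec_supervisor_t)
kernel_rw_net_sysctls(ipsec_supervisor_t)

# NOTE(review): these let the supervisor run generic binaries and a shell
# inside its own domain, so any script it invokes inherits net_admin, the DAC
# override capabilities and write access to key files. If only specific
# helpers are needed, a transition to a dedicated or existing domain would
# confine them better; verify what is executed.
corecmd_exec_bin(ipsec_supervisor_t)
corecmd_exec_shell(ipsec_supervisor_t)

dev_read_rand(ipsec_supervisor_t)
dev_read_urand(ipsec_supervisor_t)

files_read_etc_files(ipsec_supervisor_t)

logging_send_syslog_msg(ipsec_supervisor_t)

miscfiles_read_localization(ipsec_supervisor_t)

# Applied only when the modutils policy module is present: allows the
# supervisor to run the module-loading tools through a domain transition.
# NOTE(review): this makes kernel module loading reachable from this domain;
# confirm it is needed on the target kernels.
optional_policy(`
	modutils_domtrans_insmod(ipsec_supervisor_t)
')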
Attachments on
bug 554834
:
406754
| 406756