Allow ipsec to read kernel sysctl

2012-09-12 13:29:28 +00:00 · 2012-09-12 13:29:28 +00:00 · 672f146fec
parent 99d1e6b9f1
commit 672f146fec
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/system/ipsec.te
+++ b/policy/modules/system/ipsec.te
@ -113,6 +113,7 @@ allow ipsec_mgmt_t ipsec_t:unix_stream_socket { read write };
 allow ipsec_mgmt_t ipsec_t:process { rlimitinh sigchld };

 kernel_read_kernel_sysctls(ipsec_t)
+kernel_read_net_sysctls(ipsec_t)
 kernel_list_proc(ipsec_t)
 kernel_read_proc_symlinks(ipsec_t)
 # allow pluto to access /proc/net/ipsec_eroute;