trunk: add in polmatch for default spd.
parent
bdccbacdd6
commit
9820351703
|
@ -93,6 +93,43 @@ interface(`ipsec_read_config',`
|
||||||
allow $1 ipsec_conf_file_t:file read_file_perms;
|
allow $1 ipsec_conf_file_t:file read_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Match the default SPD entry.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`ipsec_match_default_spd',`
|
||||||
|
gen_require(`
|
||||||
|
type ipsec_spd_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 ipsec_spd_t:association polmatch;
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Set the context of a SPD entry to
|
||||||
|
## the default context.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`ipsec_setcontext_default_spd',`
|
||||||
|
gen_require(`
|
||||||
|
type ipsec_spd_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 ipsec_spd_t:association setcontext;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Create, read, write, and delete the IPSEC pid files.
|
## Create, read, write, and delete the IPSEC pid files.
|
||||||
|
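Review bot: The new `ipsec_match_default_spd` interface documents only "Match the default SPD entry", which does not tell a policy writer what the `polmatch` permission on `ipsec_spd_t:association` gates or when it is needed alongside `ipsec_setcontext_default_spd`. I would extend the summary to something like `## Allow the domain's traffic to be matched against SPD entries carrying the default SPD context (polmatch on ipsec_spd_t:association); usually paired with ipsec_setcontext_default_spd() for domains that also label SPD entries.` The kernel-side meaning of polmatch is inferred from the permission name and the sibling association interfaces, so confirm it against the association class definition before adopting the wording. The hunk begins inside `ipsec_read_config`, whose opening is outside the hunk, but both interfaces it adds are complete within it.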
@ -112,24 +149,6 @@ interface(`ipsec_manage_pid',`
|
||||||
manage_files_pattern($1,ipsec_var_run_t,ipsec_var_run_t)
|
manage_files_pattern($1,ipsec_var_run_t,ipsec_var_run_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
|
||||||
## <summary>
|
|
||||||
## Allow to set an default security context of IPsec Policy.
|
|
||||||
## </summary>
|
|
||||||
## <param name="domain">
|
|
||||||
## <summary>
|
|
||||||
## Domain allowed access.
|
|
||||||
## </summary>
|
|
||||||
## </param>
|
|
||||||
#
|
|
||||||
interface(`ipsec_setcontext_default_spd',`
|
|
||||||
gen_require(`
|
|
||||||
type ipsec_spd_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
allow $1 ipsec_spd_t:association setcontext;
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute racoon in the racoon domain.
|
## Execute racoon in the racoon domain.
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(ipsec,1.4.3)
|
policy_module(ipsec,1.4.4)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
|
|
@ -74,6 +74,7 @@ interface(`unconfined_domain_noaudit',`
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
ipsec_setcontext_default_spd($1)
|
ipsec_setcontext_default_spd($1)
|
||||||
|
ipsec_match_default_spd($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(unconfined,2.0.1)
|
policy_module(unconfined,2.0.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
|