Add /var/lib/racoon as runtime directory for ipsec

2014-11-22 22:16:41 +01:00 · 2014-11-22 22:16:41 +01:00 · 1edfad8247
commit 1edfad8247
parent 25b232f49a
1 changed files with 2 additions and 0 deletions
--- a/policy/modules/system/ipsec.fc
+++ b/policy/modules/system/ipsec.fc
@ -31,6 +31,8 @@
 /usr/sbin/racoon		--	gen_context(system_u:object_r:racoon_exec_t,s0)
 /usr/sbin/setkey		--	gen_context(system_u:object_r:setkey_exec_t,s0)

+/var/lib/racoon(/.*)?			gen_context(system_u:object_r:ipsec_var_run_t,s0)
+
 /var/lock/subsys/ipsec		--	gen_context(system_u:object_r:ipsec_mgmt_lock_t,s0)

 /var/log/pluto\.log		--	gen_context(system_u:object_r:ipsec_log_t,s0)