author | Jukka Rissanen <jukka.rissanen@linux.intel.com> | 2012-11-12 14:07:58 +0200 |
---|---|---|
committer | Patrik Flykt <patrik.flykt@linux.intel.com> | 2012-11-23 12:58:52 +0200 |
commit | acedf9d49b9a326771aeec755179e3ede3872cdd (patch) | |
tree | b4eff171ca55eb9a4cb1d9fdfd9f6638848e051c /vpn | |
parent | 9b45848a88af4ae202bce346062a7c8db9bc6a66 (diff) | |
selinux: Add Type Enforcement rule compilation
The SELinux rules are needed for VPN. They allow various vpn
clients to send notifications to connman-vpnd via net.connman.Task
dbus interface if the connman processes are run under systemd
and the system is in enforcing mode.
Diffstat (limited to 'vpn')
-rw-r--r-- | vpn/connman-task.te | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/vpn/connman-task.te b/vpn/connman-task.te new file mode 100644 index 00000000..dd777107 --- /dev/null +++ b/vpn/connman-task.te @@ -0,0 +1,16 @@ +# SElinux policy file for allowing various vpn clients +# to access net.connman.Task dbus interface + +module connman-task 1.0; + +require { + type openvpn_t; + type openconnect_t; + type vpnc_t; + type initrc_t; + class dbus send_msg; +} + +allow openvpn_t initrc_t:dbus send_msg; +allow openconnect_t initrc_t:dbus send_msg; +allow vpnc_t initrc_t:dbus send_msg; |
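Review bot: The three allow rules at the end of connman-task.te use initrc_t as the target type, which is the generic domain for services started from init scripts that have no domain of their own. As written, openvpn_t, openconnect_t and vpnc_t gain dbus send_msg to every process in that domain, not only connman-vpnd. A dedicated type for connman-vpnd as the target would be tighter; if that is out of scope here, the header comment should say that the connman daemons are expected to run as initrc_t and that the rule is therefore wider than the net.connman.Task interface it names. The rules also cover one direction only, so if the notifications are method calls that expect a reply it is worth confirming in enforcing mode that no matching `allow initrc_t <client>_t:dbus send_msg;` is needed. Minor: "SElinux" in the first comment line should read "SELinux".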