Add /var/lib/racoon as runtime directory for ipsec

author: Sven Vermeulen <sven.vermeulen@siphos.be> 2014-11-22 22:16:41 +0100
committer: Jason Zaman <jason@perfinion.com> 2014-12-03 01:06:11 +0400
commit: 1ccd1cfc6d66c662c006169d458ab9c305490151 (patch)
tree: fdfa5a65cd32e2b9ad4b255d8e5c3078b0ecefb3
parent: Add gfisk and efibootmgr as fsadm_exec_t (diff)
download: hardened-refpolicy-1ccd1cfc6d66c662c006169d458ab9c305490151.tar.gz
hardened-refpolicy-1ccd1cfc6d66c662c006169d458ab9c305490151.tar.bz2
hardened-refpolicy-1ccd1cfc6d66c662c006169d458ab9c305490151.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc
index 082ce4751..47f932745 100644
--- a/policy/modules/system/ipsec.fc
+++ b/policy/modules/system/ipsec.fc
@@ -31,6 +31,8 @@
 /usr/sbin/racoon		--	gen_context(system_u:object_r:racoon_exec_t,s0)
 /usr/sbin/setkey		--	gen_context(system_u:object_r:setkey_exec_t,s0)
 
+/var/lib/racoon(/.*)?			gen_context(system_u:object_r:ipsec_var_run_t,s0)
+
 /var/lock/subsys/ipsec		--	gen_context(system_u:object_r:ipsec_mgmt_lock_t,s0)
 
 /var/log/pluto\.log		--	gen_context(system_u:object_r:ipsec_log_t,s0)
author	Sven Vermeulen <sven.vermeulen@siphos.be>	2014-11-22 22:16:41 +0100
committer	Jason Zaman <jason@perfinion.com>	2014-12-03 01:06:11 +0400
commit	1ccd1cfc6d66c662c006169d458ab9c305490151 (patch)
tree	fdfa5a65cd32e2b9ad4b255d8e5c3078b0ecefb3
parent	Add gfisk and efibootmgr as fsadm_exec_t (diff)
download	hardened-refpolicy-1ccd1cfc6d66c662c006169d458ab9c305490151.tar.gz hardened-refpolicy-1ccd1cfc6d66c662c006169d458ab9c305490151.tar.bz2 hardened-refpolicy-1ccd1cfc6d66c662c006169d458ab9c305490151.zip