diff options
| author |   Sven Vermeulen <sven.vermeulen@siphos.be> | 2013-07-04 19:26:59 +0200 |
|---|---|---|
| committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2013-07-04 19:26:59 +0200 |
| commit | 3e86012d0cd7e77359dc6966a075e18fc44c9b7a (patch) | |
| tree | b25c4e83c27634993926100a3a9ae991360c0907 /policy/modules/system/ipsec.te | |
| parent | Use /var/lib/racoon location for Gentoo (diff) | |
| download | hardened-refpolicy-3e86012d0cd7e77359dc6966a075e18fc44c9b7a.tar.gz hardened-refpolicy-3e86012d0cd7e77359dc6966a075e18fc44c9b7a.tar.bz2 hardened-refpolicy-3e86012d0cd7e77359dc6966a075e18fc44c9b7a.zip | |
Allow racoon to listen on its own socket
When starting racoon, the daemon fails with the following error:
Jul 4 19:23:57 test racoon: ERROR:
listen(sockname:/var/lib/racoon/racoon.sock): Permission denied
The denial speaks for itself:
type=AVC msg=audit(1372958637.355:24805): avc: denied { listen } for pid=2981
comm="racoon" path="/var/lib/racoon/racoon.sock"
scontext=system_u:system_r:racoon_t:s0 tcontext=system_u:system_r:racoon_t:s0
tclass=unix_stream_socket
Add in the necessary permission set.
Diffstat (limited to 'policy/modules/system/ipsec.te')
| -rw-r--r-- | policy/modules/system/ipsec.te | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te index 312cd0417..223e02b12 100644 --- a/policy/modules/system/ipsec.te +++ b/policy/modules/system/ipsec.te @@ -444,3 +444,11 @@ seutil_read_config(setkey_t) userdom_use_user_terminals(setkey_t) +ifdef(`distro_gentoo',` + ################################################ + # + # racoon policy + # + + allow racoon_t self:unix_stream_socket create_stream_socket_perms; +') |