## <summary>Virtual Private Networking client</summary>

########################################
## <summary>
##	Execute VPN clients in the vpnc domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`vpn_domtrans',`
	gen_require(`
		type vpnc_t, vpnc_exec_t;
	')

	# Executing a vpnc_exec_t file from the caller domain enters vpnc_t.
	domtrans_pattern($1, vpnc_exec_t, vpnc_t)
')

########################################
## <summary>
##	Execute VPN clients in the vpnc domain, and
##	allow the specified role the vpnc domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`vpn_run',`
	gen_require(`
		attribute_role vpnc_roles;
		type vpnc_t;
	')

	vpn_domtrans($1)
	# Adds the role to the vpnc_roles attribute. What that attribute is
	# allowed is declared outside this file - presumably vpnc_t, confirm
	# against the matching .te file.
	roleattribute $2 vpnc_roles;
')

########################################
## <summary>
##	Send VPN clients the kill signal.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vpn_kill',`
	gen_require(`
		type vpnc_t;
	')

	# sigkill cannot be caught by the client, so a caller can drop the
	# tunnel at will. Grant only to domains that supervise the VPN client.
	allow $1 vpnc_t:process sigkill;
')

########################################
## <summary>
##	Send generic signals to VPN clients.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vpn_signal',`
	gen_require(`
		type vpnc_t;
	')

	allow $1 vpnc_t:process signal;
')

########################################
## <summary>
##	Send signull to VPN clients.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vpn_signull',`
	gen_require(`
		type vpnc_t;
	')

	# signull is the existence check only: no signal is delivered.
	allow $1 vpnc_t:process signull;
')

########################################
## <summary>
##	Send and receive messages from
##	Vpnc over dbus.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vpn_dbus_chat',`
	gen_require(`
		type vpnc_t;
		class dbus send_msg;
	')

	# Both directions are allowed: the caller may message vpnc_t and
	# vpnc_t may message the caller.
	allow $1 vpnc_t:dbus send_msg;
	allow vpnc_t $1:dbus send_msg;
')

########################################
## <summary>
##	Create, read, write, and delete
##	vpnc PID directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vpnc_manage_pid_dirs',`
	gen_require(`
		type vpnc_var_run_t;
	')

	# This is a manage grant, not a read-only one: use it only where the
	# caller has to create or remove vpnc_var_run_t directories.
	files_search_pids($1)
	manage_dirs_pattern($1, vpnc_var_run_t, vpnc_var_run_t)
')

########################################
## <summary>
##	Read vpnc PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vpnc_read_pid_files',`
	gen_require(`
		type vpnc_var_run_t;
	')

	files_search_pids($1)
	read_files_pattern($1, vpnc_var_run_t, vpnc_var_run_t)
')

########################################
## <summary>
##	Create, read, write, and delete
##	vpnc PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vpnc_manage_pid_files',`
	gen_require(`
		type vpnc_var_run_t;
	')

	# This is a manage grant: the caller can rewrite or delete the PID
	# files. Prefer vpnc_read_pid_files where reading is enough.
	files_search_pids($1)
	manage_files_pattern($1, vpnc_var_run_t, vpnc_var_run_t)
')

########################################
## <summary>
##	Create, read, write, and delete
##	vpnc PID files and directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vpnc_manage_pid',`
	gen_require(`
		type vpnc_var_run_t;
	')

	# Applies both the file and the directory manage patterns, so this is
	# the union of vpnc_manage_pid_files and vpnc_manage_pid_dirs.
	files_search_pids($1)
	manage_files_pattern($1, vpnc_var_run_t, vpnc_var_run_t)
	manage_dirs_pattern($1, vpnc_var_run_t, vpnc_var_run_t)
')

########################################
## <summary>
##	Relabel tun sockets from the vpnc type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`vpn_relabelfrom_tun_socket',`
	gen_require(`
		type vpnc_t;
	')

	# Only the relabelfrom half is granted here. The matching relabelto
	# on the destination type has to come from the caller policy.
	allow $1 vpnc_t:tun_socket relabelfrom;
')