1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
policy_module(vpn, 1.18.0)
########################################
#
# Declarations
#
attribute_role vpnc_roles;
type vpnc_t;
type vpnc_exec_t;
init_system_domain(vpnc_t, vpnc_exec_t)
application_domain(vpnc_t, vpnc_exec_t)
role vpnc_roles types vpnc_t;
type vpnc_tmp_t;
files_tmp_file(vpnc_tmp_t)
type vpnc_var_run_t;
files_pid_file(vpnc_var_run_t)
########################################
#
# Local policy
#
allow vpnc_t self:capability { dac_override dac_read_search ipc_lock net_admin net_raw setuid };
allow vpnc_t self:process { getsched signal };
allow vpnc_t self:fifo_file rw_fifo_file_perms;
allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;
allow vpnc_t self:tcp_socket { accept listen };
allow vpnc_t self:rawip_socket create_socket_perms;
allow vpnc_t self:tun_socket { create_socket_perms relabelfrom };
allow vpnc_t self:socket create_socket_perms;
manage_dirs_pattern(vpnc_t, vpnc_tmp_t, vpnc_tmp_t)
manage_files_pattern(vpnc_t, vpnc_tmp_t, vpnc_tmp_t)
files_tmp_filetrans(vpnc_t, vpnc_tmp_t, { file dir })
manage_dirs_pattern(vpnc_t, vpnc_var_run_t, vpnc_var_run_t)
manage_files_pattern(vpnc_t, vpnc_var_run_t, vpnc_var_run_t)
files_pid_filetrans(vpnc_t, vpnc_var_run_t, { file dir})
kernel_read_system_state(vpnc_t)
kernel_read_network_state(vpnc_t)
kernel_read_all_sysctls(vpnc_t)
kernel_request_load_module(vpnc_t)
kernel_rw_net_sysctls(vpnc_t)
corenet_all_recvfrom_unlabeled(vpnc_t)
corenet_all_recvfrom_netlabel(vpnc_t)
corenet_tcp_sendrecv_generic_if(vpnc_t)
corenet_udp_sendrecv_generic_if(vpnc_t)
corenet_raw_sendrecv_generic_if(vpnc_t)
corenet_tcp_sendrecv_generic_node(vpnc_t)
corenet_udp_sendrecv_generic_node(vpnc_t)
corenet_raw_sendrecv_generic_node(vpnc_t)
corenet_tcp_sendrecv_all_ports(vpnc_t)
corenet_udp_sendrecv_all_ports(vpnc_t)
corenet_udp_bind_generic_node(vpnc_t)
corenet_sendrecv_all_server_packets(vpnc_t)
corenet_udp_bind_generic_port(vpnc_t)
corenet_sendrecv_isakmp_server_packets(vpnc_t)
corenet_udp_bind_isakmp_port(vpnc_t)
corenet_sendrecv_generic_server_packets(vpnc_t)
corenet_udp_bind_ipsecnat_port(vpnc_t)
corenet_sendrecv_all_client_packets(vpnc_t)
corenet_tcp_connect_all_ports(vpnc_t)
corenet_rw_tun_tap_dev(vpnc_t)
corecmd_exec_all_executables(vpnc_t)
dev_read_rand(vpnc_t)
dev_read_urand(vpnc_t)
dev_read_sysfs(vpnc_t)
domain_use_interactive_fds(vpnc_t)
files_exec_etc_files(vpnc_t)
files_read_etc_runtime_files(vpnc_t)
files_dontaudit_search_home(vpnc_t)
fs_getattr_xattr_fs(vpnc_t)
fs_getattr_tmpfs(vpnc_t)
term_use_all_ptys(vpnc_t)
term_use_all_ttys(vpnc_t)
auth_use_nsswitch(vpnc_t)
init_dontaudit_use_fds(vpnc_t)
libs_exec_ld_so(vpnc_t)
libs_exec_lib_files(vpnc_t)
locallogin_use_fds(vpnc_t)
logging_send_syslog_msg(vpnc_t)
logging_dontaudit_search_logs(vpnc_t)
miscfiles_read_localization(vpnc_t)
seutil_dontaudit_search_config(vpnc_t)
sysnet_run_ifconfig(vpnc_t, vpnc_roles)
sysnet_etc_filetrans_config(vpnc_t)
sysnet_manage_config(vpnc_t)
userdom_use_all_users_fds(vpnc_t)
userdom_dontaudit_search_user_home_content(vpnc_t)
optional_policy(`
dbus_system_bus_client(vpnc_t)
optional_policy(`
networkmanager_dbus_chat(vpnc_t)
')
')
optional_policy(`
networkmanager_attach_tun_iface(vpnc_t)
')
optional_policy(`
seutil_use_newrole_fds(vpnc_t)
')
|
GitWeb