29 lines
1.3 KiB
Diff
29 lines
1.3 KiB
Diff
From 55b2dfdddf231f35adda18174b6f9cd9488eff1b Mon Sep 17 00:00:00 2001
|
|
From: Demi Marie Obenour <demiobenour@gmail.com>
|
|
Date: Fri, 28 Aug 2020 09:49:11 -0400
|
|
Reference: https://github.com/fedora-selinux/selinux-policy/commit/55b2dfdddf231f35adda18174b6f9cd9488eff1b
|
|
Conflict: NA
|
|
Subject: [PATCH] Relabel /usr/sbin/charon-systemd as ipsec_exec_t
|
|
|
|
This causes StrongSwan to be run with the `ipsec_exec_t` context, which allows it to bind to its sockets.
|
|
---
|
|
policy/modules/system/ipsec.fc | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc
|
|
index e1a4f6822..c33edcced 100644
|
|
--- a/policy/modules/system/ipsec.fc
|
|
+++ b/policy/modules/system/ipsec.fc
|
|
@@ -50,7 +50,7 @@
|
|
/usr/libexec/strongswan/.* -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
|
/usr/libexec/strongimcv/.* -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
|
|
|
-/usr/sbin/charon-systemd -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
|
|
+/usr/sbin/charon-systemd -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
|
/usr/sbin/ipsec -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
|
|
/usr/sbin/racoon -- gen_context(system_u:object_r:racoon_exec_t,s0)
|
|
/usr/sbin/setkey -- gen_context(system_u:object_r:setkey_exec_t,s0)
|
|
--
|
|
2.27.0
|
|
|