From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Sat, 22 Nov 2014 19:54:40 +0100 Subject: [refpolicy] [PATCH 7/7] Add /var/lib/racoon as runtime directory for ipsec In-Reply-To: <1416682480-13282-1-git-send-email-sven.vermeulen@siphos.be> References: <1416682480-13282-1-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1416682480-13282-8-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com --- policy/modules/system/ipsec.fc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc index 662e79b..0f1e351 100644 --- a/policy/modules/system/ipsec.fc +++ b/policy/modules/system/ipsec.fc @@ -31,6 +31,8 @@ /usr/sbin/racoon -- gen_context(system_u:object_r:racoon_exec_t,s0) /usr/sbin/setkey -- gen_context(system_u:object_r:setkey_exec_t,s0) +/var/lib/racoon(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0) + /var/lock/subsys/ipsec -- gen_context(system_u:object_r:ipsec_mgmt_lock_t,s0) /var/log/pluto\.log -- gen_context(system_u:object_r:ipsec_log_t,s0) -- 2.0.4
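Review bot: The added entry "/var/lib/racoon(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0)" puts a var_run type on a path under /var/lib, and the message has no body explaining why. Please add a sentence to the commit message saying what racoon keeps in that directory and why it counts as runtime data rather than persistent state, so the label choice can be checked against a var_lib-style type. The diffstat also shows only ipsec.fc changing, so it is worth confirming in the description that the existing rules for ipsec_var_run_t already cover what racoon does in this directory, since a file context entry on its own grants no access.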