[Audit-test-developer] [PATCH 2/2] Add more ipsec policy

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

This seems to be needed for the local ipsec udp tests,
although they still don't work.

Signed-off-by: Linda Knippers <lin...@hp...>
---
 audit/utils/selinux-policy/lspp_test.te |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/audit/utils/selinux-policy/lspp_test.te b/audit/utils/selinux-policy/lspp_test.te
index 6aaf8ff..5532cc4 100644
--- a/audit/utils/selinux-policy/lspp_test.te
+++ b/audit/utils/selinux-policy/lspp_test.te
@@ -32,7 +32,7 @@ define(`ROLES_ALL',`sysadm_r secadm_r auditadm_r staff_r')
 # the policy_module() and gen_require() statements.
 #
 
-policy_module(lspp_test,6.3.12)
+policy_module(lspp_test,6.3.13)
 
 # we really shouldn't be accessing these policy constructs directly but there
 # isn't always a policy interface available for what we want to do, so just
@@ -396,6 +396,9 @@ allow ipsec_t lspp_harness_t:association setcontext;
 allow ipsec_t ipsec_spd_t:association setcontext;
 allow ipsec_t lspp_test_ipsec_t:association setcontext;
 
+# needed for ip commands that get initiated during tests
+allow ifconfig_t lspp_test_ipsec_t:association setcontext;
+
 # needed for cron tests - this may be temporary as if these
 # are really needed, they're probably needed in the mls policy
 allow crond_t cronjob_t:key create;
-- 
1.7.4.4





[Audit-test-developer] [PATCH 2/2] Add more ipsec policy

Test suite for Linux audit and related security functionality

[Audit-test-developer] [PATCH 2/2] Add more ipsec policy