summaryrefslogtreecommitdiff
path: root/Android.mk
diff options
context:
space:
mode:
authorGerald Turner <gturner@unzane.com>2017-05-11 17:15:09 -0700
committerYves-Alexis Perez <corsac@corsac.net>2017-06-30 13:52:01 +0200
commitb8ac1d49802dbadecb1805baf4d6ca0ac7735ef0 (patch)
tree27e0c6b8e2deedf49416a40a933a7f22b8174cec /Android.mk
parent784751a50713ae63faeb9aac3b0d77581324e70e (diff)
downloadvyos-strongswan-b8ac1d49802dbadecb1805baf4d6ca0ac7735ef0.tar.gz
vyos-strongswan-b8ac1d49802dbadecb1805baf4d6ca0ac7735ef0.zip
Install AppArmor profiles for /usr/sbin/swanctl and /usr/sbin/charon-systemd.
The AppArmor profile for charon-systemd was copied from the existing profile for /usr/lib/ipsec/charon without much scrutiny other than testing basic IPsec tunnels (no fancy plugin options were tested). It appears that the team at Canonical that had written the /usr/lib/ipsec/charon policy had done extensive testing with several plugins, and it seems likely that applying the same profile to charon-systemd will allow those plugins to continue to work. The AppArmor profile for swanctl was written from scratch and well tested. It turns out that swanctl unnecessarily loads plugins by default, so a bit of frivolous access has been granted.
Diffstat (limited to 'Android.mk')
0 files changed, 0 insertions, 0 deletions