diff options
| author | Christian Ehrhardt <christian.ehrhardt@canonical.com> | 2016-12-19 16:21:01 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@corsac.net> | 2016-12-21 11:31:23 +0100 |
| commit | 9e71a10822db1d8ce399ac85c1d6c13863987be0 (patch) | |
| tree | d824f1bf39eaaf164880d854a29cdb95daed19fe /debian/usr.lib.ipsec.stroke | |
| parent | 821cb0af7404c56c04d511b02a98be96fa446104 (diff) | |
| download | vyos-strongswan-9e71a10822db1d8ce399ac85c1d6c13863987be0.tar.gz vyos-strongswan-9e71a10822db1d8ce399ac85c1d6c13863987be0.zip | |
* add and install apparmor profiles
- d/rules install AppArmor profiles
- d/control add dh-apparmor build-dep
- d/usr.lib.ipsec.{charon, lookip, stroke} add latest AppArmor profiles
for charon, lookip and stroke
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Diffstat (limited to 'debian/usr.lib.ipsec.stroke')
| -rw-r--r-- | debian/usr.lib.ipsec.stroke | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/debian/usr.lib.ipsec.stroke b/debian/usr.lib.ipsec.stroke new file mode 100644 index 000000000..9d20ee7c9 --- /dev/null +++ b/debian/usr.lib.ipsec.stroke @@ -0,0 +1,28 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2014 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# Author: Jonathan Davies <jonathan.davies@canonical.com> +# +# ------------------------------------------------------------------ + +#include <tunables/global> + +/usr/lib/ipsec/stroke flags=(attach_disconnected) { + #include <abstractions/base> + + capability dac_override, + + /etc/strongswan.conf r, + /etc/strongswan.d/ r, + /etc/strongswan.d/** r, + + /run/charon.ctl rw, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.lib.ipsec.stroke> +} |