# ------------------------------------------------------------------
#
#   Copyright (C) 2014 Canonical Ltd.
#
#   This program is free software; you can redistribute it and/or
#   modify it under the terms of version 2 of the GNU General Public
#   License published by the Free Software Foundation.
#
#   Author: Jonathan Davies <jonathan.davies@canonical.com>
#
# ------------------------------------------------------------------

#include <tunables/global>

/usr/lib/ipsec/stroke flags=(attach_disconnected) {
  #include <abstractions/base>

  capability dac_override,

  /etc/strongswan.conf          r,
  /etc/strongswan.d/            r,
  /etc/strongswan.d/**          r,

  /run/charon.ctl               rw,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.lib.ipsec.stroke>
}