# OpenVPN 3 Linux - SELinux policy
#
#  SPDX-License-Identifier: AGPL-3.0-only
#
#  Copyright (C) 2018 - 2023  OpenVPN Inc <sales@openvpn.net>
#  Copyright (C) 2018 - 2023  David Sommerseth <davids@openvpn.net>
#

policy_module(openvpn3, 1.0.2);

gen_require(` type system_dbusd_t; ')

## <desc>
## <p>
## Allow dbus-daemon system bus to access /dev/net/tun
## which is needed to pass tun/tap device file descriptors
## over D-Bus.  This is needed by openvpn3-service-netcfg.
## </p>
## </desc>
gen_tunable(dbus_access_tuntap_device, false)

tunable_policy(`dbus_access_tuntap_device',`
        corenet_rw_tun_tap_dev(system_dbusd_t)
')