diff --git a/policy/modules/services/certmaster.if b/policy/modules/services/certmaster.if
index 9629d3d..fa62787 100644
--- a/policy/modules/services/certmaster.if
+++ b/policy/modules/services/certmaster.if
@@ -18,6 +18,25 @@ interface(`certmaster_domtrans',`
 	domtrans_pattern($1, certmaster_exec_t, certmaster_t)
 ')
 
+####################################
+## <summary>
+##	Execute certmaster in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`certmaster_exec',`
+	gen_require(`
+		type certmaster_exec_t;
+	')
+
+	can_exec($1, certmaster_exec_t)
+	corecmd_search_bin($1)
+')
+
 #######################################
 ## <summary>
 ##	read certmaster logs.
@@ -79,7 +98,7 @@ interface(`certmaster_manage_log',`
 
 ########################################
 ## <summary>
-##	All of the rules required to administrate 
+##	All of the rules required to administrate
 ##	an snort environment
 ## </summary>
 ## <param name="domain">