diff --git a/policy/modules/services/certmaster.if b/policy/modules/services/certmaster.if
index 9629d3d..fa62787 100644
--- a/policy/modules/services/certmaster.if
+++ b/policy/modules/services/certmaster.if
@@ -18,6 +18,25 @@ interface(`certmaster_domtrans',`
 domtrans_pattern($1, certmaster_exec_t, certmaster_t)
 ')
+####################################
+##
+## Execute certmaster in the caller domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`certmaster_exec',`
+ gen_require(`
+ type certmaster_exec_t;
+ ')
+
+ can_exec($1, certmaster_exec_t)
+ corecmd_search_bin($1)
+')
+
 #######################################
 ##
 ## read certmaster logs.
@@ -79,7 +98,7 @@ interface(`certmaster_manage_log',`
 ########################################
 ##
-## All of the rules required to administrate
+## All of the rules required to administrate
 ## an snort environment
 ##
 ##
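Review bot: The new `certmaster_exec` interface in the first hunk grants `can_exec($1, certmaster_exec_t)` with no domain transition, so certmaster runs with every permission of the calling domain instead of being confined as `certmaster_t`, and the interface description does not say so. I would extend the description with a line such as `## No transition to certmaster_t occurs; use certmaster_domtrans() when the program should run confined.` so policy authors choose between the two interfaces deliberately. Whether a caller also needs access to certmaster's own file types is not visible in this hunk and would have to be granted per caller. As a style point, the added banner line is shorter than the `#` banners on the neighbouring interfaces, and `corecmd_search_bin($1)` would read more naturally before `can_exec(...)`, since the search permission is what lets the caller reach the binary.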