selinux-refpolicy/policy/modules/services/certbot.if

## <summary>SSL certificate requesting tool certbot AKA letsencrypt.</summary>

########################################
## <summary>
##      Execute certbot/letsencrypt in the certbot
##      domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`certbot_domtrans',`
	gen_require(`
		type certbot_t, certbot_exec_t;
	')

	domtrans_pattern($1, certbot_exec_t, certbot_t)
')

########################################
## <summary>
##      Execute certbot/letsencrypt in the certbot
##      domain, and allow the specified role
##      the firstboot domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
#
interface(`certbot_run',`
	gen_require(`
		type certbot_t;
	')

	certbot_domtrans($1)
	role $2 types certbot_t;
')

########################################
## <summary>
##	Read TLS certificates and keys
##	generated by certbot.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`certbot_read_lib',`
	gen_require(`
		type certbot_lib_t;
	')

	search_dirs_pattern($1, certbot_lib_t, certbot_lib_t)
	read_files_pattern($1, certbot_lib_t, certbot_lib_t)
')
latest iteration of certbot policy as patch Same .te as sent a few days ago, but as a patch and with the other files needed. I think this is ready for inclusion. Signed-off-by: Russell Coker <russell@coker.com.au> 2021-01-14 23:39:01 +00:00			`## <summary>SSL certificate requesting tool certbot AKA letsencrypt.</summary>`

			`########################################`
			`## <summary>`
			`## Execute certbot/letsencrypt in the certbot`
			`## domain.`
			`## </summary>`
			`## <param name="domain">`
policy: interfaces: doc: indent param blocks consistently There is more than 5000 parameter documentations. Only about 300 are differently done. Change them to be consistently indented. param with one space and content inside with one tab This was done with: sed -ri ' /^##[[:space:]]<param/,/^##[[:space:]]<[/]param>/{ s/^##[[:space:]]/##\t/; s/^##[[:space:]](<[/]?summary)/##\t\1/; s/^##[[:space:]](<[/]?param)/## \1/; }' policy/modules//*.if Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com> 2021-06-30 08:03:44 +00:00			`## <summary>`
			`## Domain allowed to transition.`
			`## </summary>`
latest iteration of certbot policy as patch Same .te as sent a few days ago, but as a patch and with the other files needed. I think this is ready for inclusion. Signed-off-by: Russell Coker <russell@coker.com.au> 2021-01-14 23:39:01 +00:00			`## </param>`
			`#`
			interface(`certbot_domtrans',`
			gen_require(`
			`type certbot_t, certbot_exec_t;`
			`')`

			`domtrans_pattern($1, certbot_exec_t, certbot_t)`
			`')`

			`########################################`
			`## <summary>`
			`## Execute certbot/letsencrypt in the certbot`
			`## domain, and allow the specified role`
			`## the firstboot domain.`
			`## </summary>`
			`## <param name="domain">`
policy: interfaces: doc: indent param blocks consistently There is more than 5000 parameter documentations. Only about 300 are differently done. Change them to be consistently indented. param with one space and content inside with one tab This was done with: sed -ri ' /^##[[:space:]]<param/,/^##[[:space:]]<[/]param>/{ s/^##[[:space:]]/##\t/; s/^##[[:space:]](<[/]?summary)/##\t\1/; s/^##[[:space:]](<[/]?param)/## \1/; }' policy/modules//*.if Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com> 2021-06-30 08:03:44 +00:00			`## <summary>`
			`## Domain allowed to transition.`
			`## </summary>`
latest iteration of certbot policy as patch Same .te as sent a few days ago, but as a patch and with the other files needed. I think this is ready for inclusion. Signed-off-by: Russell Coker <russell@coker.com.au> 2021-01-14 23:39:01 +00:00			`## </param>`
			`## <param name="role">`
policy: interfaces: doc: indent param blocks consistently There is more than 5000 parameter documentations. Only about 300 are differently done. Change them to be consistently indented. param with one space and content inside with one tab This was done with: sed -ri ' /^##[[:space:]]<param/,/^##[[:space:]]<[/]param>/{ s/^##[[:space:]]/##\t/; s/^##[[:space:]](<[/]?summary)/##\t\1/; s/^##[[:space:]](<[/]?param)/## \1/; }' policy/modules//*.if Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com> 2021-06-30 08:03:44 +00:00			`## <summary>`
			`## Role allowed access.`
			`## </summary>`
latest iteration of certbot policy as patch Same .te as sent a few days ago, but as a patch and with the other files needed. I think this is ready for inclusion. Signed-off-by: Russell Coker <russell@coker.com.au> 2021-01-14 23:39:01 +00:00			`## </param>`
			`#`
			interface(`certbot_run',`
			gen_require(`
			`type certbot_t;`
			`')`

			`certbot_domtrans($1)`
			`role $2 types certbot_t;`
			`')`
certbot, various: allow various services to read certbot certs Signed-off-by: Kenton Groombridge <me@concord.sh> 2021-11-07 01:23:18 +00:00
			`########################################`
			`## <summary>`
			`## Read TLS certificates and keys`
			`## generated by certbot.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`certbot_read_lib',`
			gen_require(`
			`type certbot_lib_t;`
			`')`

			`search_dirs_pattern($1, certbot_lib_t, certbot_lib_t)`
			`read_files_pattern($1, certbot_lib_t, certbot_lib_t)`
			`')`