From e9bf16d2d91d8a92b96f060cabeda85e4c8b8005 Mon Sep 17 00:00:00 2001
From: Jeremy Solt
Date: Mon, 30 Aug 2010 10:27:12 -0400
Subject: [PATCH] certmaster patch from Dan Walsh
---
 policy/modules/services/certmaster.if | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/policy/modules/services/certmaster.if b/policy/modules/services/certmaster.if
index 9629d3d09..fa627873a 100644
--- a/policy/modules/services/certmaster.if
+++ b/policy/modules/services/certmaster.if
@@ -18,6 +18,25 @@ interface(`certmaster_domtrans',`
 domtrans_pattern($1, certmaster_exec_t, certmaster_t)
 ')
+####################################
+##
+## Execute certmaster in the caller domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`certmaster_exec',`
+ gen_require(`
+ type certmaster_exec_t;
+ ')
+
+ can_exec($1, certmaster_exec_t)
+ corecmd_search_bin($1)
+')
+
 #######################################
 ##
 ## read certmaster logs.
@@ -79,7 +98,7 @@ interface(`certmaster_manage_log',`
 ########################################
 ##
-## All of the rules required to administrate
+## All of the rules required to administrate
 ## an snort environment
 ##
 ##
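Review bot: The doc block added for `certmaster_exec` does not say what running without a transition means for a caller: `can_exec($1, certmaster_exec_t)` leaves the process in the caller's domain, so certmaster runs with the caller's permissions and is not confined to `certmaster_t`. I would add a line to the interface description such as `## The process stays in the caller's domain; use certmaster_domtrans() when it should run confined in certmaster_t.` so policy authors choose between the two deliberately. The context lines also show `certmaster_domtrans` ending right after `domtrans_pattern(...)`, without the `corecmd_search_bin($1)` the new interface grants. Its body starts outside the hunk, so this may be handled elsewhere, but it is worth checking that the two interfaces agree. Separately, the untouched context in the second hunk still reads "an snort environment" in the certmaster admin description, which looks like a copy-paste leftover.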