From d30d36a2fe3c63ae3e8cbd884a9ca3e933b39332 Mon Sep 17 00:00:00 2001
From: Laurent Bigonville <bigon@bigon.be>
Date: Sat, 5 Apr 2014 20:01:23 +0200
Subject: [PATCH] Label /usr/local/share/ca-certificates(/.*)? as cert_t

On Debian, this directory can contain locally trusted certificates that
will be then be symlinked to /etc/ssl/certs by
update-ca-certificates(8), the files should be labelled as cert_t.
---
 policy/modules/system/miscfiles.fc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index b8626631f..e917c2e3a 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -37,6 +37,8 @@ ifdef(`distro_redhat',`
 
 /usr/lib/perl5/man(/.*)?	gen_context(system_u:object_r:man_t,s0)
 
+/usr/local/share/ca-certificates(/.*)?	gen_context(system_u:object_r:cert_t,s0)
+
 /usr/local/man(/.*)?		gen_context(system_u:object_r:man_t,s0)
 /usr/local/share/man(/.*)?	gen_context(system_u:object_r:man_t,s0)