certmaster patch from Dan Walsh

2010-08-30 10:27:12 -04:00 · 2010-08-30 10:27:12 -04:00 · e9bf16d2d9
commit e9bf16d2d9
parent dc1db5407a
1 changed files with 20 additions and 1 deletions
--- a/policy/modules/services/certmaster.if
+++ b/policy/modules/services/certmaster.if
@ -18,6 +18,25 @@ interface(`certmaster_domtrans',`
 	domtrans_pattern($1, certmaster_exec_t, certmaster_t)
 ')

+####################################
+## <summary>
+##	Execute certmaster in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`certmaster_exec',`
+	gen_require(`
+		type certmaster_exec_t;
+	')
+
+	can_exec($1, certmaster_exec_t)
+	corecmd_search_bin($1)
+')
+
 #######################################
 ## <summary>
 ##	read certmaster logs.
@ -79,7 +98,7 @@ interface(`certmaster_manage_log',`

 ########################################
 ## <summary>
-##	All of the rules required to administrate 
+##	All of the rules required to administrate
 ##	an snort environment
 ## </summary>
 ## <param name="domain">