Diffstat (limited to 'selinux/ipa_dogtag/ipa_dogtag.te')
-rw-r--r--selinux/ipa_dogtag/ipa_dogtag.te29
1 files changed, 29 insertions, 0 deletions
diff --git a/selinux/ipa_dogtag/ipa_dogtag.te b/selinux/ipa_dogtag/ipa_dogtag.te
new file mode 100644
index 000000000..b3fce00da
--- /dev/null
+++ b/selinux/ipa_dogtag/ipa_dogtag.te
@@ -0,0 +1,29 @@
+module ipa_dogtag 1.2;
+
+require {
+ type httpd_t;
+ type cert_t;
+ type pki_ca_t;
+ class dir write;
+ class dir add_name;
+ class dir remove_name;
+ class file create;
+ class file write;
+ class file rename;
+ class lnk_file create;
+ class lnk_file rename;
+}
+
+# Let dogtag write to cert_t directories
+allow pki_ca_t cert_t:dir write;
+allow pki_ca_t cert_t:dir add_name;
+allow pki_ca_t cert_t:dir remove_name;
+
+# Let dogtag write cert_t files
+allow pki_ca_t cert_t:file create;
+allow pki_ca_t cert_t:file write;
+allow pki_ca_t cert_t:file rename;
+
+# Let dogtag manage cert_t symbolic links
+allow pki_ca_t cert_t:lnk_file create;
+allow pki_ca_t cert_t:lnk_file rename;
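Review bot: The allow rules at lines 33-44 let pki_ca_t create, write and rename files and symlinks in every directory labelled cert_t, and since cert_t is the generic certificate-file type (covering the system trust store, not just Dogtag's own path, as far as the standard labelling goes), a compromised CA process could overwrite or re-point trusted certificates well outside the tree this module is presumably written for. If only one directory actually needs writing, labelling that directory with a dedicated type and granting these permissions on that type alone would keep the grant at least privilege, and the lnk_file create/rename permissions in particular deserve a second look because symlink creation is what turns a write into a redirection. The module should also record what motivated it, e.g. `# Dogtag (pki_ca_t) needs to write/rename certificate files and symlinks under a cert_t directory; narrow the target type if that path is ever relabelled`. Separately, `type httpd_t;` in the require block is not referenced by any rule and can be dropped, and the per-permission lines read more clearly as permission sets, e.g. `allow pki_ca_t cert_t:dir { write add_name remove_name };`.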