Added pki_tomcat_cert_t type and interface to access it

Added permissions to certmonger to access the certdb. Also added some missing selinux permissions for pki_tomcat_t
author: Ade Lee <alee@redhat.com> 2012-10-10 00:16:57 -0400
committer: Ade Lee <alee@redhat.com> 2012-10-10 00:34:12 -0400
commit: c494bd03f8f4f82a4c06457dfc301a606b89e2dc (patch)
tree: c69a1e6c273faebc677d04f558c9c0c63b23ff04 /base/selinux/src/pki.if
parent: 5ef10ba9a3702d1dc2289f7fa163e8989370d2b1 (diff)
download: pki-c494bd03f8f4f82a4c06457dfc301a606b89e2dc.tar.gz
pki-c494bd03f8f4f82a4c06457dfc301a606b89e2dc.tar.xz
pki-c494bd03f8f4f82a4c06457dfc301a606b89e2dc.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/base/selinux/src/pki.if b/base/selinux/src/pki.if
index e2392634e..8399c4e9b 100644
--- a/base/selinux/src/pki.if
+++ b/base/selinux/src/pki.if
@@ -1,5 +1,22 @@
 
 ## <summary>policy for pki</summary>
+########################################
+## <summary>
+##      Allow read and write pki cert files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`pki_rw_tomcat_cert',`
+        gen_require(`
+                type pki_tomcat_cert_t;
+        ')
+
+        rw_files_pattern($1, pki_tomcat_cert_t, pki_tomcat_cert_t)
+')
 
 ########################################
 ## <summary>
author	Ade Lee <alee@redhat.com>	2012-10-10 00:16:57 -0400
committer	Ade Lee <alee@redhat.com>	2012-10-10 00:34:12 -0400
commit	c494bd03f8f4f82a4c06457dfc301a606b89e2dc (patch)
tree	c69a1e6c273faebc677d04f558c9c0c63b23ff04 /base/selinux/src/pki.if
parent	5ef10ba9a3702d1dc2289f7fa163e8989370d2b1 (diff)
download	pki-c494bd03f8f4f82a4c06457dfc301a606b89e2dc.tar.gz pki-c494bd03f8f4f82a4c06457dfc301a606b89e2dc.tar.xz pki-c494bd03f8f4f82a4c06457dfc301a606b89e2dc.zip