## <summary>Certmaster SSL certificate distribution service</summary>
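########################################
## <summary>
##	Execute a domain transition to run certmaster.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`certmaster_domtrans',`
	gen_require(`
		type certmaster_t, certmaster_exec_t;
	')

	# Executing a certmaster_exec_t file from the caller domain starts
	# the new process in certmaster_t instead of the caller domain.
	domtrans_pattern($1, certmaster_exec_t, certmaster_t)
')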
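#######################################
## <summary>
##	Read certmaster logs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`certmaster_read_log',`
	gen_require(`
		type certmaster_var_log_t;
	')

	# Read-only access to the certmaster log files; nothing here
	# lets the caller write, append or delete.
	read_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
	# The caller must be able to search the generic log directory
	# to reach the certmaster log files.
	logging_search_logs($1)
')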
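#######################################
## <summary>
##	Append to certmaster logs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`certmaster_append_log',`
	gen_require(`
		type certmaster_var_log_t;
	')

	# Append-only: the caller can add entries but cannot rewrite or
	# truncate what is already logged, which keeps existing records
	# intact for later review.
	append_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
	# Search access to the generic log directory, needed to reach the files.
	logging_search_logs($1)
')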
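#######################################
## <summary>
##	Create, read, write, and delete
##	certmaster logs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`certmaster_manage_log',`
	gen_require(`
		type certmaster_var_log_t;
	')

	# Full control over certmaster log files and symlinks. A domain
	# given this interface can alter or remove log records, so prefer
	# certmaster_read_log or certmaster_append_log when those suffice.
	manage_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
	manage_lnk_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
	# Search access to the generic log directory, needed to reach the files.
	logging_search_logs($1)
')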
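########################################
## <summary>
##	All of the rules required to administrate
##	a certmaster environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the certmaster domain.
##	</summary>
## </param>
#
interface(`certmaster_admin',`
	gen_require(`
		type certmaster_t, certmaster_var_run_t, certmaster_var_lib_t;
		type certmaster_etc_rw_t, certmaster_var_log_t;
		type certmaster_initrc_exec_t;
	')

	# NOTE(review): ptrace lets the admin domain read and modify the memory
	# of the certmaster process, which may expose key material the service
	# holds. Consider gating ptrace behind the ptrace tunable if this
	# policy version defines one, and keep signal_perms unconditional.
	allow $1 certmaster_t:process { ptrace signal_perms };
	ps_process_pattern($1, certmaster_t)

	# Let the admin run the certmaster init script and have it end up in
	# the system role rather than the admin role.
	init_labeled_script_domtrans($1, certmaster_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 certmaster_initrc_exec_t system_r;
	# A role_transition only takes effect when the source role is also
	# allowed to change to the target role.
	allow $2 system_r;

	# NOTE(review): these two interfaces cover the generic certificate
	# type, presumably the system-wide certificate store and not only
	# certmaster files. Confirm that this breadth is intended.
	miscfiles_manage_cert_dirs($1)
	miscfiles_manage_cert_files($1)

	# NOTE(review): the log and lib sections below list their parent
	# directory first; no such call precedes the etc_rw and var_run
	# sections in this listing. Confirm against the full policy file.
	admin_pattern($1, certmaster_etc_rw_t)

	admin_pattern($1, certmaster_var_run_t)

	# Managing the log type includes deleting and relabeling log files,
	# so this domain can remove the service audit trail.
	logging_list_logs($1)
	admin_pattern($1, certmaster_var_log_t)

	files_list_var_lib($1)
	admin_pattern($1, certmaster_var_lib_t)
')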