Allow login programs to connect to the pki_ca_port

diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 6a25dd61f642cf0f9e7b927d93096e895c11f184..2c6ee0efb0b041f8ef0f71bf7963167467195baf 100644 (file)
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -144,6 +144,7 @@ interface(`auth_login_pgm_domain',`
        tunable_policy(`authlogin_radius',`
                corenet_udp_bind_all_unreserved_ports($1)
        ')
+       corenet_tcp_connect_pki_ca_port($1)
 
        # for fingerprint readers
        dev_rw_input_dev($1)