2013-02-11 20:15:06

by dominick.grift

Subject: [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises


Signed-off-by: Dominick Grift <[email protected]>
diff --git a/apache.if b/apache.if
index 83e899c..9bf189f 100644
--- a/apache.if
+++ b/apache.if
@@ -1070,8 +1070,14 @@
## <rolecap/>
#
interface(`apache_manage_all_user_content',`
- refpolicywarn(`$0($*) has been deprecated, use apache_manage_all_content() instead.')
- apache_manage_all_content($1)
+ gen_require(`
+ type httpd_user_content_t, httpd_user_content_rw_t, httpd_user_content_ra_t)
+ type httpd_user_htaccess_t, httpd_user_script_exec_t;
+ ')
+
+ manage_dirs_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
+ manage_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t})
+ manage_lnk_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
')

########################################
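
Review bot: The first `type` line inside gen_require() ends with `)` instead of `;` (`type httpd_user_content_t, httpd_user_content_rw_t, httpd_user_content_ra_t)`), so the require block will not parse as written. Terminate it with `;`, as the following `type httpd_user_htaccess_t, httpd_user_script_exec_t;` line does, and rebuild the policy to confirm the interface compiles before committing.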


2013-02-11 20:17:43

by dominick.grift

Subject: [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises

On Mon, 2013-02-11 at 21:15 +0100, Dominick Grift wrote:

Sven, see if this does what you want. If it does then I will commit it.

> Signed-off-by: Dominick Grift <[email protected]>
> diff --git a/apache.if b/apache.if
> index 83e899c..9bf189f 100644
> --- a/apache.if
> +++ b/apache.if
> @@ -1070,8 +1070,14 @@
> ## <rolecap/>
> #
> interface(`apache_manage_all_user_content',`
> - refpolicywarn(`$0($*) has been deprecated, use apache_manage_all_content() instead.')
> - apache_manage_all_content($1)
> + gen_require(`
> + type httpd_user_content_t, httpd_user_content_rw_t, httpd_user_content_ra_t)
> + type httpd_user_htaccess_t, httpd_user_script_exec_t;
> + ')
> +
> + manage_dirs_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
> + manage_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t})
> + manage_lnk_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
> ')
>
> ########################################
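
Review bot: In the manage_files_pattern() call, httpd_user_htaccess_t appears in the second argument as well as the third. The second argument of the *_pattern macros is the containing directory type and the third is the object type, and the manage_dirs_pattern() line above leaves httpd_user_htaccess_t out, so it is not expected to label directories. Keeping it only in the third (file) set and reusing the four-type set as the directory argument avoids granting directory permissions that are not needed. The closing `httpd_user_htaccess_t})` is also missing the space before `}` that the other sets have.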

2013-02-11 21:01:02

by sven.vermeulen

Subject: [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises

Looks ok to me. Too bad templates cannot create interfaces, otherwise we
could have apache_content_template create the apache_manage_all_*_content
interfaces.
On Feb 11, 2013 9:17 PM, "Dominick Grift" <[email protected]> wrote:

> On Mon, 2013-02-11 at 21:15 +0100, Dominick Grift wrote:
>
> Sven, see if this does what you want. If it does then I will commit it.
>
> > Signed-off-by: Dominick Grift <[email protected]>
> > diff --git a/apache.if b/apache.if
> > index 83e899c..9bf189f 100644
> > --- a/apache.if
> > +++ b/apache.if
> > @@ -1070,8 +1070,14 @@
> > ## <rolecap/>
> > #
> > interface(`apache_manage_all_user_content',`
> > - refpolicywarn(`$0($*) has been deprecated, use
> apache_manage_all_content() instead.')
> > - apache_manage_all_content($1)
> > + gen_require(`
> > + type httpd_user_content_t, httpd_user_content_rw_t,
> httpd_user_content_ra_t)
> > + type httpd_user_htaccess_t, httpd_user_script_exec_t;
> > + ')
> > +
> > + manage_dirs_pattern($1, { httpd_user_content_t
> httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t },
> { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t
> httpd_user_script_exec_t })
> > + manage_files_pattern($1, { httpd_user_content_t
> httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t
> httpd_user_htaccess_t }, { httpd_user_content_t httpd_user_content_rw_t
> httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t})
> > + manage_lnk_files_pattern($1, { httpd_user_content_t
> httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t },
> { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t
> httpd_user_script_exec_t })
> > ')
> >
> > ########################################
>
>
>
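
Review bot: The subject names httpd_manage_all_user_content(), but the interface changed in this hunk is `apache_manage_all_user_content`; correct the subject so the commit log matches the code. Because the refpolicywarn() deprecation line is removed, the commit message should also state why the interface is no longer deprecated in favour of apache_manage_all_content(), since the patch currently carries only the Signed-off-by line.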

2013-02-12 13:09:36

by dominick.grift

Subject: [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises

On Mon, 2013-02-11 at 22:01 +0100, Sven Vermeulen wrote:
> Looks ok to me. Too bad templates cannot create interfaces, otherwise we
> could have apache_content_template create the apache_manage_all_*_content
> interfaces.

Alright, I merged this solution. Commit id 37da3a4