From: gizmo@giz-works.com (Chris Richards) Date: Sun, 18 Apr 2010 16:35:50 -0500 Subject: [refpolicy] [PATCH 1/1] Remove httpd_keytab_t from apache.fc In-Reply-To: <20100418185043.GB18306@localhost.localdomain> References: <1271615514-6037-1-git-send-email-gizmo@giz-works.com> <20100418185043.GB18306@localhost.localdomain> Message-ID: <4BCB7B36.6000805@giz-works.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 04/18/2010 01:50 PM, Dominick Grift wrote: > On Sun, Apr 18, 2010 at 06:31:54PM +0000, Chris Richards wrote: > >> I cannot find any definition of httpd_keytab_t anywhere in refpolicy. >> I don't know if the definition was removed somewhere and the fc was >> simply not updated, or if there is supposed to be a definition that >> somehow never got created, but I cannot compile refpolicy with things >> as they are. >> >> > > kerberos_keytab_template(httpd, httpd_t) > > Do you have the kerberos module included? > > No, I do not. Gentoo policy does not include modules that are not required to support the installed applications. E.g., if I don't have Kerberos installed, then I won't have the Kerberos policy module installed either. Perhaps the apache.fc statement needs to be wrapped with an optional_policy declaration? > http://oss.tresys.com/projects/refpolicy/browser/policy/modules/services/apache.te (line 546) > http://oss.tresys.com/projects/refpolicy/browser/policy/modules/services/kerberos.if (line 230) > > >> Signed-off-by: Chris Richards >> --- >> policy/modules/services/apache.fc | 1 - >> 1 files changed, 0 insertions(+), 1 deletions(-) >> >> diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc >> index 9e39aa5..a6fcc0c 100644 >> --- a/policy/modules/services/apache.fc >> +++ b/policy/modules/services/apache.fc >> @@ -5,7 +5,6 @@ HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_u >> /etc/drupal(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) >> /etc/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) >> /etc/httpd(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) >> -/etc/httpd/conf/keytab -- gen_context(system_u:object_r:httpd_keytab_t,s0) >> /etc/httpd/logs gen_context(system_u:object_r:httpd_log_t,s0) >> /etc/httpd/modules gen_context(system_u:object_r:httpd_modules_t,s0) >> /etc/lighttpd(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) >> -- >> 1.6.4.4 >> >> _______________________________________________ >> refpolicy mailing list >> refpolicy at oss.tresys.com >> http://oss.tresys.com/mailman/listinfo/refpolicy >> >> >> >> _______________________________________________ >> refpolicy mailing list >> refpolicy at oss.tresys.com >> http://oss.tresys.com/mailman/listinfo/refpolicy >> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20100418/8f86be24/attachment.html