From: domg472@gmail.com (Dominick Grift) Date: Sun, 13 Feb 2011 18:58:38 +0100 Subject: [refpolicy] [PATCH] Users calling apache_role were not able to manage httpd_user_content_t files, directories and symbolic links. Message-ID: <20110213175834.GA8573@localhost.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com >From 78d6e4acfc000b07dbf85b076fa523e95e72da3f Sun, 13 Feb 2011 18:55:53 +0100 From: Dominick Grift Date: Sun, 13 Feb 2011 18:55:09 +0100 Subject: [PATCH] Users calling apache_role were not able to manage httpd_user_content_t files, directories and symbolic links. Users calling apache_role were not able to manage httpd_user_content_t files, directories and symbolic links. Signed-off-by: Dominick Grift diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if index c9e1a44..6480167 100644 --- a/policy/modules/services/apache.if +++ b/policy/modules/services/apache.if @@ -218,10 +218,15 @@ role $1 types httpd_user_script_t; - allow $2 httpd_user_content_t:{ dir file lnk_file } { relabelto relabelfrom }; - allow $2 httpd_user_htaccess_t:file { manage_file_perms relabelto relabelfrom }; + manage_dirs_pattern($2, httpd_user_content_t, httpd_user_content_t) + manage_files_pattern($2, httpd_user_content_t, httpd_user_content_t) + manage_lnk_files_pattern($2, httpd_user_content_t, httpd_user_content_t) + relabel_dirs_pattern($2, httpd_user_content_t, httpd_user_content_t) + relabel_files_pattern($2, httpd_user_content_t, httpd_user_content_t) + relabel_lnk_files_pattern($2, httpd_user_content_t, httpd_user_content_t) + manage_dirs_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t) manage_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t) manage_lnk_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110213/8a6e95ae/attachment.bin