From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 16 Feb 2011 09:44:04 -0500 Subject: [refpolicy] [PATCH] Users calling apache_role were not able to manage httpd_user_content_t files, directories and symbolic links. In-Reply-To: <20110213175834.GA8573@localhost.localdomain> References: <20110213175834.GA8573@localhost.localdomain> Message-ID: <4D5BE2B4.90102@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/13/11 12:58, Dominick Grift wrote: > From 78d6e4acfc000b07dbf85b076fa523e95e72da3f Sun, 13 Feb 2011 18:55:53 +0100 > From: Dominick Grift > Date: Sun, 13 Feb 2011 18:55:09 +0100 > Subject: [PATCH] Users calling apache_role were not able to manage httpd_user_content_t files, directories and symbolic links. > > Users calling apache_role were not able to manage httpd_user_content_t files, directories and symbolic links. > > Signed-off-by: Dominick Grift Merged. > diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if > index c9e1a44..6480167 100644 > --- a/policy/modules/services/apache.if > +++ b/policy/modules/services/apache.if > @@ -218,10 +218,15 @@ > > role $1 types httpd_user_script_t; > > - allow $2 httpd_user_content_t:{ dir file lnk_file } { relabelto relabelfrom }; > - > allow $2 httpd_user_htaccess_t:file { manage_file_perms relabelto relabelfrom }; > > + manage_dirs_pattern($2, httpd_user_content_t, httpd_user_content_t) > + manage_files_pattern($2, httpd_user_content_t, httpd_user_content_t) > + manage_lnk_files_pattern($2, httpd_user_content_t, httpd_user_content_t) > + relabel_dirs_pattern($2, httpd_user_content_t, httpd_user_content_t) > + relabel_files_pattern($2, httpd_user_content_t, httpd_user_content_t) > + relabel_lnk_files_pattern($2, httpd_user_content_t, httpd_user_content_t) > + > manage_dirs_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t) > manage_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t) > manage_lnk_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t) > > > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com