From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 16 Feb 2011 09:44:04 -0500
Subject: [refpolicy] [PATCH] Users calling apache_role were not able to
 manage httpd_user_content_t files, directories and symbolic links.
In-Reply-To: <20110213175834.GA8573@localhost.localdomain>
References: <20110213175834.GA8573@localhost.localdomain>
Message-ID: <4D5BE2B4.90102@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/13/11 12:58, Dominick Grift wrote:
> From 78d6e4acfc000b07dbf85b076fa523e95e72da3f Sun, 13 Feb 2011 18:55:53 +0100
> From: Dominick Grift <domg472@gmail.com>
> Date: Sun, 13 Feb 2011 18:55:09 +0100
> Subject: [PATCH] Users calling apache_role were not able to manage httpd_user_content_t files, directories and symbolic links.
> 
> Users calling apache_role were not able to manage httpd_user_content_t files, directories and symbolic links.
> 
> Signed-off-by: Dominick Grift <domg472@gmail.com>

Merged.

> diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
> index c9e1a44..6480167 100644
> --- a/policy/modules/services/apache.if
> +++ b/policy/modules/services/apache.if
> @@ -218,10 +218,15 @@
>  
>  	role $1 types httpd_user_script_t;
>  
> -	allow $2 httpd_user_content_t:{ dir file lnk_file } { relabelto relabelfrom };
> -
>  	allow $2 httpd_user_htaccess_t:file { manage_file_perms relabelto relabelfrom };
>  
> +	manage_dirs_pattern($2, httpd_user_content_t, httpd_user_content_t)
> +	manage_files_pattern($2, httpd_user_content_t, httpd_user_content_t)
> +	manage_lnk_files_pattern($2, httpd_user_content_t, httpd_user_content_t)
> +	relabel_dirs_pattern($2, httpd_user_content_t, httpd_user_content_t)
> +	relabel_files_pattern($2, httpd_user_content_t, httpd_user_content_t)
> +	relabel_lnk_files_pattern($2, httpd_user_content_t, httpd_user_content_t)
> +
>  	manage_dirs_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
>  	manage_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
>  	manage_lnk_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
> 
> 
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com