From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Thu, 3 Jan 2013 17:12:00 +0100
Subject: [refpolicy] [PATCH 4/8] Update towards apache_manage_all_content
In-Reply-To: <50E5A018.3000308@tresys.com>
References: <1355737370-27628-1-git-send-email-sven.vermeulen@siphos.be>
	<1355737370-27628-5-git-send-email-sven.vermeulen@siphos.be>
	<50E5A018.3000308@tresys.com>
Message-ID: <20130103161159.GA15995@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, Jan 03, 2013 at 10:13:28AM -0500, Christopher J. PeBenito wrote:
> On 12/17/12 04:42, Sven Vermeulen wrote:
> > The apache_manage_all_user_content interface has been deprecated and is now
> > pointing towards apache_manage_all_content.
[...]
> >  optional_policy(`
> > -	apache_manage_all_user_content(useradd_t)
> > +	apache_manage_all_content(useradd_t)
> >  ')
> >  
> >  optional_policy(`
> 
> I disagree with this change.  Useradd should only be creating user content, e.g.
> ~/public_html.  This change would provide too much access.

You misunderstood me (or I expressed myself badly ;-)

This is currently the definition of apache_manage_all_user_content:

#v+
interface(`apache_manage_all_user_content',`
        refpolicywarn(`$0($*) has been deprecated, use apache_manage_all_content() instead.')
        apache_manage_all_content($1)
')
#v-

All I did in the patch was replace the call to the (deprecated) function
towards the newly pointed function, so that we don't get a deprecation
notice at build time anymore.

Wkr,
	Sven Vermeulen