From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 3 Jan 2013 11:24:03 -0500
Subject: [refpolicy] [PATCH 4/8] Update towards apache_manage_all_content
In-Reply-To: <20130103161159.GA15995@siphos.be>
References: <1355737370-27628-1-git-send-email-sven.vermeulen@siphos.be>
	<1355737370-27628-5-git-send-email-sven.vermeulen@siphos.be>
	<50E5A018.3000308@tresys.com> <20130103161159.GA15995@siphos.be>
Message-ID: <50E5B0A3.3080908@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 01/03/13 11:12, Sven Vermeulen wrote:
> On Thu, Jan 03, 2013 at 10:13:28AM -0500, Christopher J. PeBenito wrote:
>> On 12/17/12 04:42, Sven Vermeulen wrote:
>>> The apache_manage_all_user_content interface has been deprecated and is now
>>> pointing towards apache_manage_all_content.
> [...]
>>>  optional_policy(`
>>> -	apache_manage_all_user_content(useradd_t)
>>> +	apache_manage_all_content(useradd_t)
>>>  ')
>>>  
>>>  optional_policy(`
>>
>> I disagree with this change.  Useradd should only be creating user content, e.g.
>> ~/public_html.  This change would provide too much access.
> 
> You misunderstood me (or I expressed myself badly ;-)
> 
> This is currently the definition of apache_manage_all_user_content:
> 
> #v+
> interface(`apache_manage_all_user_content',`
>         refpolicywarn(`$0($*) has been deprecated, use apache_manage_all_content() instead.')
>         apache_manage_all_content($1)
> ')
> #v-
> 
> All I did in the patch was replace the call to the (deprecated) function
> towards the newly pointed function, so that we don't get a deprecation
> notice at build time anymore.

I didn't misunderstand.  I think the interface should be un-deprecated.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com