From: dominick.grift@gmail.com (Dominick Grift)
Date: Fri, 11 Jan 2013 19:29:23 +0100
Subject: [refpolicy] [PATCH 4/8] Update towards apache_manage_all_content
In-Reply-To: <50E5B16E.8040101@tresys.com>
References: <1355737370-27628-1-git-send-email-sven.vermeulen@siphos.be>
 <1355737370-27628-5-git-send-email-sven.vermeulen@siphos.be>
 <50E5A018.3000308@tresys.com> <20130103161159.GA15995@siphos.be>
 <50E5B0A3.3080908@tresys.com> <50E5B16E.8040101@tresys.com>
Message-ID: <1357928963.2495.10.camel@d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2013-01-03 at 11:27 -0500, Christopher J. PeBenito wrote:
> On 01/03/13 11:24, Christopher J. PeBenito wrote:
> > On 01/03/13 11:12, Sven Vermeulen wrote:
> >> On Thu, Jan 03, 2013 at 10:13:28AM -0500, Christopher J. PeBenito wrote:
> >>> On 12/17/12 04:42, Sven Vermeulen wrote:
> >>>> The apache_manage_all_user_content interface has been deprecated and is now
> >>>> pointing towards apache_manage_all_content.
> >> [...]
> >>>> optional_policy(`
> >>>> - apache_manage_all_user_content(useradd_t)
> >>>> + apache_manage_all_content(useradd_t)
> >>>> ')
> >>>>
> >>>> optional_policy(`
> >>>
> >>> I disagree with this change. Useradd should only be creating user content, e.g.
> >>> ~/public_html. This change would provide too much access.
> >>
> >> You misunderstood me (or I expressed myself badly ;-)
> >>
> >> This is currently the definition of apache_manage_all_user_content:
> >>
> >> #v+
> >> interface(`apache_manage_all_user_content',`
> >> refpolicywarn(`$0($*) has been deprecated, use apache_manage_all_content() instead.')
> >> apache_manage_all_content($1)
> >> ')
> >> #v-
> >>
> >> All I did in the patch was replace the call to the (deprecated) function
> >> towards the newly pointed function, so that we don't get a deprecation
> >> notice at build time anymore.
> >
> > I didn't misunderstand. I think the interface should be un-deprecated.
>
> To further clarify, I think the interface should be un-deprecated and the
> original implementation restored. User content is the stuff in ~/public_html.
> It's not interchangeable with all content, which includes the static web pages
> and content from web apps.
>

Yes, I guess I misunderstood this interface.

Sven: will you create a patch for this or do I have to change it?
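
Review bot: in the useradd_t optional_policy block, the added call apache_manage_all_content(useradd_t) gives useradd manage access to all Apache content, although, as the review replies point out, useradd should only be creating user content such as ~/public_html, and all content also covers static web pages and content from web apps. The interface definition quoted in the thread shows that the deprecated apache_manage_all_user_content already forwards to apache_manage_all_content, so this substitution only silences the build-time deprecation notice and leaves the broad grant in place. Suggest dropping this hunk, keeping apache_manage_all_user_content(useradd_t), and restoring that interface's original user-content-only implementation so the warning goes away without widening what useradd_t may manage.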