From: dominick.grift@gmail.com (Dominick Grift) Date: Mon, 11 Feb 2013 21:17:43 +0100 Subject: [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises In-Reply-To: <1360613706-6260-1-git-send-email-dominick.grift@gmail.com> References: <1360613706-6260-1-git-send-email-dominick.grift@gmail.com> Message-ID: <1360613863.2559.38.camel@d30> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Mon, 2013-02-11 at 21:15 +0100, Dominick Grift wrote: Sven, see if this does what you want. If it does then i will commit it. > Signed-off-by: Dominick Grift > diff --git a/apache.if b/apache.if > index 83e899c..9bf189f 100644 > --- a/apache.if > +++ b/apache.if > @@ -1070,8 +1070,14 @@ > ## > # > interface(`apache_manage_all_user_content',` > - refpolicywarn(`$0($*) has been deprecated, use apache_manage_all_content() instead.') > - apache_manage_all_content($1) > + gen_require(` > + type httpd_user_content_t, httpd_user_content_rw_t, httpd_user_content_ra_t) > + type httpd_user_htaccess_t, httpd_user_script_exec_t; > + ') > + > + manage_dirs_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }) > + manage_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t}) > + manage_lnk_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }) > ') > > ########################################