From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 11 Feb 2013 22:01:02 +0100
Subject: [refpolicy] [PATCH] Make httpd_manage_all_user_content() do
	what it advertises
In-Reply-To: <1360613863.2559.38.camel@d30>
References: <1360613706-6260-1-git-send-email-dominick.grift@gmail.com>
	<1360613863.2559.38.camel@d30>
Message-ID: <CAPzO=NyaUe88OGddycJPsgwrvqF2TsVYwb9g3-_p7UtzOQn5qg@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Looks ok to me. Too bad templates cannot create interfaces, otherwise we
could have apache_content_template create the apache_manage_all_*_content
interfaces.
On Feb 11, 2013 9:17 PM, "Dominick Grift" <dominick.grift@gmail.com> wrote:

> On Mon, 2013-02-11 at 21:15 +0100, Dominick Grift wrote:
>
> Sven, see if this does what you want. If it does then i will commit it.
>
> > Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> > diff --git a/apache.if b/apache.if
> > index 83e899c..9bf189f 100644
> > --- a/apache.if
> > +++ b/apache.if
> > @@ -1070,8 +1070,14 @@
> >  ## <rolecap/>
> >  #
> >  interface(`apache_manage_all_user_content',`
> > -     refpolicywarn(`$0($*) has been deprecated, use
> apache_manage_all_content() instead.')
> > -     apache_manage_all_content($1)
> > +     gen_require(`
> > +             type httpd_user_content_t, httpd_user_content_rw_t,
> httpd_user_content_ra_t)
> > +             type httpd_user_htaccess_t, httpd_user_script_exec_t;
> > +     ')
> > +
> > +     manage_dirs_pattern($1, { httpd_user_content_t
> httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t },
> { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t
> httpd_user_script_exec_t })
> > +     manage_files_pattern($1, { httpd_user_content_t
> httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t
> httpd_user_htaccess_t }, { httpd_user_content_t httpd_user_content_rw_t
> httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t})
> > +     manage_lnk_files_pattern($1, { httpd_user_content_t
> httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t },
> { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t
> httpd_user_script_exec_t })
> >  ')
> >
> >  ########################################
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20130211/7a4f3c01/attachment.html