2017-04-20 14:59:27

by sven.vermeulen

Subject: [refpolicy] [PATCH 1/1] rpc_* interfaces should be wrapped by optional_policy()

The rpc module is not a core module. As such, calls towards rpc_*
interfaces should be wrapped with optional_policy().

Signed-off-by: Sven Vermeulen <[email protected]>
---
apache.te | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/apache.te b/apache.te
index d5c74fd..bae14a8 100644
--- a/apache.te
+++ b/apache.te
@@ -745,10 +745,12 @@ tunable_policy(`httpd_use_fusefs && httpd_builtin_scripting',`
fs_exec_fusefs_files(httpd_t)
')

-tunable_policy(`httpd_use_nfs',`
- fs_list_auto_mountpoints(httpd_t)
- rpc_manage_nfs_rw_content(httpd_t)
- rpc_read_nfs_content(httpd_t)
+optional_policy('
+ tunable_policy(`httpd_use_nfs',`
+ fs_list_auto_mountpoints(httpd_t)
+ rpc_manage_nfs_rw_content(httpd_t)
+ rpc_read_nfs_content(httpd_t)
+ ')
')

tunable_policy(`httpd_use_nfs && httpd_builtin_scripting',`
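Review bot: the added line optional_policy(' opens its argument with a straight apostrophe, where m4 needs the backtick used by every other macro call in this hunk (compare tunable_policy(`httpd_use_nfs',` two lines below). As written, the apostrophe is not an opening quote, so the quotes in the block no longer balance and the policy will not expand as intended; the line should read optional_policy(` instead. A smaller point on the same block: fs_list_auto_mountpoints(httpd_t) is an fs_* interface, not an rpc_* one, so it does not need the optional wrapper the commit message argues for. Keeping it inside is harmless because it only matters together with the rpc_* calls under httpd_use_nfs, but a short mention in the commit message would make clear that this is deliberate.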
--
2.10.2