* [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises
@ 2013-02-11 20:15 Dominick Grift
  2013-02-11 20:17 ` Dominick Grift
  0 siblings, 1 reply; 4+ messages in thread
From: Dominick Grift @ 2013-02-11 20:15 UTC (permalink / raw)
  To: refpolicy


Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
diff --git a/apache.if b/apache.if
index 83e899c..9bf189f 100644
--- a/apache.if
+++ b/apache.if
@@ -1070,8 +1070,14 @@
 ## <rolecap/>
 #
 interface(`apache_manage_all_user_content',`
-	refpolicywarn(`$0($*) has been deprecated, use apache_manage_all_content() instead.')
-	apache_manage_all_content($1)
+	gen_require(`
+		type httpd_user_content_t, httpd_user_content_rw_t, httpd_user_content_ra_t)
+		type httpd_user_htaccess_t, httpd_user_script_exec_t;
+	')
+
+	manage_dirs_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
+	manage_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t})
+	manage_lnk_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
 ')
 
 ########################################
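Review bot: The first `type` line inside gen_require ends with `)` instead of `;` (`type httpd_user_content_t, httpd_user_content_rw_t, httpd_user_content_ra_t)`), which looks like a typo and leaves the require block with an unterminated declaration. Terminate it with `;` the same way the `type httpd_user_htaccess_t, httpd_user_script_exec_t;` line below it is terminated.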


* [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises
  2013-02-11 20:15 [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises Dominick Grift
@ 2013-02-11 20:17 ` Dominick Grift
  2013-02-11 21:01   ` Sven Vermeulen
  0 siblings, 1 reply; 4+ messages in thread
From: Dominick Grift @ 2013-02-11 20:17 UTC (permalink / raw)
  To: refpolicy

On Mon, 2013-02-11 at 21:15 +0100, Dominick Grift wrote:

Sven, see if this does what you want. If it does then I will commit it.

> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> diff --git a/apache.if b/apache.if
> index 83e899c..9bf189f 100644
> --- a/apache.if
> +++ b/apache.if
> @@ -1070,8 +1070,14 @@
>  ## <rolecap/>
>  #
>  interface(`apache_manage_all_user_content',`
> -	refpolicywarn(`$0($*) has been deprecated, use apache_manage_all_content() instead.')
> -	apache_manage_all_content($1)
> +	gen_require(`
> +		type httpd_user_content_t, httpd_user_content_rw_t, httpd_user_content_ra_t)
> +		type httpd_user_htaccess_t, httpd_user_script_exec_t;
> +	')
> +
> +	manage_dirs_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
> +	manage_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t})
> +	manage_lnk_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
>  ')
>  
>  ########################################
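Review bot: In the manage_files_pattern() call, httpd_user_htaccess_t is listed in the second (containing directory) argument as well as the third (file) argument. The manage_dirs_pattern() and manage_lnk_files_pattern() calls leave it out of their type sets, which suggests it only ever labels files; if so, drop it from the directory set so the rule does not grant directory access on a type that needs none.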


* [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises
  2013-02-11 20:17 ` Dominick Grift
@ 2013-02-11 21:01   ` Sven Vermeulen
  2013-02-12 13:09     ` Dominick Grift
  0 siblings, 1 reply; 4+ messages in thread
From: Sven Vermeulen @ 2013-02-11 21:01 UTC (permalink / raw)
  To: refpolicy

Looks ok to me. Too bad templates cannot create interfaces, otherwise we
could have apache_content_template create the apache_manage_all_*_content
interfaces.

On Feb 11, 2013 9:17 PM, "Dominick Grift" <dominick.grift@gmail.com> wrote:

> On Mon, 2013-02-11 at 21:15 +0100, Dominick Grift wrote:
>
> Sven, see if this does what you want. If it does then I will commit it.
>
> > Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> > diff --git a/apache.if b/apache.if
> > index 83e899c..9bf189f 100644
> > --- a/apache.if
> > +++ b/apache.if
> > @@ -1070,8 +1070,14 @@
> >  ## <rolecap/>
> >  #
> >  interface(`apache_manage_all_user_content',`
> > -     refpolicywarn(`$0($*) has been deprecated, use
> apache_manage_all_content() instead.')
> > -     apache_manage_all_content($1)
> > +     gen_require(`
> > +             type httpd_user_content_t, httpd_user_content_rw_t,
> httpd_user_content_ra_t)
> > +             type httpd_user_htaccess_t, httpd_user_script_exec_t;
> > +     ')
> > +
> > +     manage_dirs_pattern($1, { httpd_user_content_t
> httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t },
> { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t
> httpd_user_script_exec_t })
> > +     manage_files_pattern($1, { httpd_user_content_t
> httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t
> httpd_user_htaccess_t }, { httpd_user_content_t httpd_user_content_rw_t
> httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t})
> > +     manage_lnk_files_pattern($1, { httpd_user_content_t
> httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t },
> { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t
> httpd_user_script_exec_t })
> >  ')
> >
> >  ########################################
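Review bot: The two removed lines made this interface a deprecated alias for apache_manage_all_content(), so existing callers go from managing all content to managing only the five httpd_user_* types listed here, and the patch carries no commit message body saying so. A sentence stating that the interface is no longer deprecated and now grants a narrower set would help anyone auditing callers; the subject also names httpd_manage_all_user_content() while the interface being changed is apache_manage_all_user_content.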
>
>
>

* [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises
  2013-02-11 21:01   ` Sven Vermeulen
@ 2013-02-12 13:09     ` Dominick Grift
  0 siblings, 0 replies; 4+ messages in thread
From: Dominick Grift @ 2013-02-12 13:09 UTC (permalink / raw)
  To: refpolicy

On Mon, 2013-02-11 at 22:01 +0100, Sven Vermeulen wrote:
> Looks ok to me. Too bad templates cannot create interfaces, otherwise we
> could have apache_content_template create the apache_manage_all_*_content
> interfaces.

Alright, I merged this solution. Commit id 37da3a4
