* [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises
From: Dominick Grift @ 2013-02-11 20:15 UTC
To: refpolicy
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
diff --git a/apache.if b/apache.if
index 83e899c..9bf189f 100644
--- a/apache.if
+++ b/apache.if
@@ -1070,8 +1070,14 @@
## <rolecap/>
#
interface(`apache_manage_all_user_content',`
- refpolicywarn(`$0($*) has been deprecated, use apache_manage_all_content() instead.')
- apache_manage_all_content($1)
+ gen_require(`
+ type httpd_user_content_t, httpd_user_content_rw_t, httpd_user_content_ra_t)
+ type httpd_user_htaccess_t, httpd_user_script_exec_t;
+ ')
+
+ manage_dirs_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
+ manage_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t})
+ manage_lnk_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
')
########################################
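Review bot: the first type declaration inside the new gen_require block ends with ")" instead of ";" ("type httpd_user_content_t, httpd_user_content_rw_t, httpd_user_content_ra_t)"), so that statement is never terminated and the generated require block is not valid policy syntax. Change the trailing ")" to ";" so it matches the second declaration line, "type httpd_user_htaccess_t, httpd_user_script_exec_t;".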
* [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises
From: Dominick Grift @ 2013-02-11 20:17 UTC
To: refpolicy
On Mon, 2013-02-11 at 21:15 +0100, Dominick Grift wrote:
Sven, see if this does what you want. If it does then I will commit it.
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> diff --git a/apache.if b/apache.if
> index 83e899c..9bf189f 100644
> --- a/apache.if
> +++ b/apache.if
> @@ -1070,8 +1070,14 @@
> ## <rolecap/>
> #
> interface(`apache_manage_all_user_content',`
> - refpolicywarn(`$0($*) has been deprecated, use apache_manage_all_content() instead.')
> - apache_manage_all_content($1)
> + gen_require(`
> + type httpd_user_content_t, httpd_user_content_rw_t, httpd_user_content_ra_t)
> + type httpd_user_htaccess_t, httpd_user_script_exec_t;
> + ')
> +
> + manage_dirs_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
> + manage_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t})
> + manage_lnk_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
> ')
>
> ########################################
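Review bot: callers of apache_manage_all_user_content should be audited before this is committed, because the body no longer delegates to apache_manage_all_content($1) and grants manage access only on the five httpd_user_* types named in gen_require. The removed refpolicywarn steered callers toward apache_manage_all_content(), and the commit message carries only a Signed-off-by line, so the narrowing is not documented anywhere; a short message body stating it would help. The subject also names httpd_manage_all_user_content() while the interface changed here is apache_manage_all_user_content.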
* [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises
From: Sven Vermeulen @ 2013-02-11 21:01 UTC
To: refpolicy
Looks ok to me. Too bad templates cannot create interfaces, otherwise we
could have apache_content_template create the apache_manage_all_*_content
interfaces.
On Feb 11, 2013 9:17 PM, "Dominick Grift" <dominick.grift@gmail.com> wrote:
> On Mon, 2013-02-11 at 21:15 +0100, Dominick Grift wrote:
>
> Sven, see if this does what you want. If it does then I will commit it.
>
> > Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> > diff --git a/apache.if b/apache.if
> > index 83e899c..9bf189f 100644
> > --- a/apache.if
> > +++ b/apache.if
> > @@ -1070,8 +1070,14 @@
> > ## <rolecap/>
> > #
> > interface(`apache_manage_all_user_content',`
> > - refpolicywarn(`$0($*) has been deprecated, use
> apache_manage_all_content() instead.')
> > - apache_manage_all_content($1)
> > + gen_require(`
> > + type httpd_user_content_t, httpd_user_content_rw_t,
> httpd_user_content_ra_t)
> > + type httpd_user_htaccess_t, httpd_user_script_exec_t;
> > + ')
> > +
> > + manage_dirs_pattern($1, { httpd_user_content_t
> httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t },
> { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t
> httpd_user_script_exec_t })
> > + manage_files_pattern($1, { httpd_user_content_t
> httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t
> httpd_user_htaccess_t }, { httpd_user_content_t httpd_user_content_rw_t
> httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t})
> > + manage_lnk_files_pattern($1, { httpd_user_content_t
> httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t },
> { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t
> httpd_user_script_exec_t })
> > ')
> >
> > ########################################
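Review bot: httpd_user_htaccess_t appears only in the manage_files_pattern type sets and not in the manage_dirs_pattern or manage_lnk_files_pattern ones, with nothing in the hunk saying that is deliberate; a one-line comment above the three pattern calls would keep a later editor from "fixing" the difference. On style, the second set in manage_files_pattern closes as "httpd_user_htaccess_t})" without the space before the brace used in every other set. This quoted copy has also been re-wrapped by the mail client (for example the refpolicywarn and manage_*_pattern lines are split across several lines), so it should be applied from the original message rather than from this reply.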
* [refpolicy] [PATCH] Make httpd_manage_all_user_content() do what it advertises
From: Dominick Grift @ 2013-02-12 13:09 UTC
To: refpolicy
On Mon, 2013-02-11 at 22:01 +0100, Sven Vermeulen wrote:
> Looks ok to me. Too bad templates cannot create interfaces, otherwise we
> could have apache_content_template create the apache_manage_all_*_content
> interfaces.
Alright, I merged this solution. Commit id 37da3a4