From: sven.vermeulen@siphos.be (Sven Vermeulen)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH 4/8] Update towards apache_manage_all_content
Date: Thu, 3 Jan 2013 17:12:00 +0100 [thread overview]
Message-ID: <20130103161159.GA15995@siphos.be> (raw)
In-Reply-To: <50E5A018.3000308@tresys.com>
On Thu, Jan 03, 2013 at 10:13:28AM -0500, Christopher J. PeBenito wrote:
> On 12/17/12 04:42, Sven Vermeulen wrote:
> > The apache_manage_all_user_content interface has been deprecated and is now
> > pointing towards apache_manage_all_content.
[...]
> > optional_policy(`
> > - apache_manage_all_user_content(useradd_t)
> > + apache_manage_all_content(useradd_t)
> > ')
> >
> > optional_policy(`
>
> I disagree with this change. Useradd should only be creating user content, e.g.
> ~/public_html. This change would provide too much access.
You misunderstood me (or I expressed myself badly ;-)
This is currently the definition of apache_manage_all_user_content:
#v+
interface(`apache_manage_all_user_content',`
refpolicywarn(`$0($*) has been deprecated, use apache_manage_all_content() instead.')
apache_manage_all_content($1)
')
#v-
All I did in the patch was replace the call to the (deprecated) function
towards the newly pointed function, so that we don't get a deprecation
notice at build time anymore.
Wkr,
Sven Vermeulen
next prev parent reply other threads:[~2013-01-03 16:12 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-17 9:42 [refpolicy] [PATCH 0/8] Updates on master (non-contrib) Sven Vermeulen
2012-12-17 9:42 ` [refpolicy] [PATCH 1/8] Postgresql 9.2 connects to its unix stream socket Sven Vermeulen
2013-01-03 15:30 ` Christopher J. PeBenito
2012-12-17 9:42 ` [refpolicy] [PATCH 2/8] lvscan creates the /run/lock/lvm directory if nonexisting (v2) Sven Vermeulen
2013-01-03 15:30 ` Christopher J. PeBenito
2012-12-17 9:42 ` [refpolicy] [PATCH 3/8] Allow syslogger to manage cron log files (v2) Sven Vermeulen
2013-01-03 15:31 ` Christopher J. PeBenito
2012-12-17 9:42 ` [refpolicy] [PATCH 4/8] Update towards apache_manage_all_content Sven Vermeulen
2013-01-03 15:13 ` Christopher J. PeBenito
2013-01-03 16:12 ` Sven Vermeulen [this message]
2013-01-03 16:24 ` Christopher J. PeBenito
2013-01-03 16:27 ` Christopher J. PeBenito
2013-01-11 18:29 ` Dominick Grift
2013-01-11 19:23 ` Sven Vermeulen
2012-12-17 9:42 ` [refpolicy] [PATCH 5/8] Dontaudit getsched on all domains Sven Vermeulen
2012-12-17 10:20 ` grift
2012-12-17 10:26 ` Sven Vermeulen
2012-12-21 20:17 ` Sven Vermeulen
2013-01-03 15:05 ` Christopher J. PeBenito
2012-12-17 9:42 ` [refpolicy] [PATCH 6/8] Allow initrc_t to read stunnel configuration Sven Vermeulen
2013-01-03 15:31 ` Christopher J. PeBenito
2012-12-17 9:42 ` [refpolicy] [PATCH 7/8] Introduce rw_inherited_file_perms definition Sven Vermeulen
2013-01-03 15:08 ` Christopher J. PeBenito
2012-12-17 9:42 ` [refpolicy] [PATCH 8/8] Introduce exec-check interfaces for passwd binaries and useradd binaries Sven Vermeulen
2013-01-03 15:31 ` Christopher J. PeBenito
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130103161159.GA15995@siphos.be \
--to=sven.vermeulen@siphos.be \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.