From mboxrd@z Thu Jan 1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 3 Jan 2013 11:27:26 -0500
Subject: [refpolicy] [PATCH 4/8] Update towards apache_manage_all_content
In-Reply-To: <50E5B0A3.3080908@tresys.com>
References: <1355737370-27628-1-git-send-email-sven.vermeulen@siphos.be>
 <1355737370-27628-5-git-send-email-sven.vermeulen@siphos.be>
 <50E5A018.3000308@tresys.com>
 <20130103161159.GA15995@siphos.be>
 <50E5B0A3.3080908@tresys.com>
Message-ID: <50E5B16E.8040101@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 01/03/13 11:24, Christopher J. PeBenito wrote:
> On 01/03/13 11:12, Sven Vermeulen wrote:
>> On Thu, Jan 03, 2013 at 10:13:28AM -0500, Christopher J. PeBenito wrote:
>>> On 12/17/12 04:42, Sven Vermeulen wrote:
>>>> The apache_manage_all_user_content interface has been deprecated and is now
>>>> pointing towards apache_manage_all_content.
>> [...]
>>>> optional_policy(`
>>>> - apache_manage_all_user_content(useradd_t)
>>>> + apache_manage_all_content(useradd_t)
>>>> ')
>>>>
>>>> optional_policy(`
>>>
>>> I disagree with this change. Useradd should only be creating user content, e.g.
>>> ~/public_html. This change would provide too much access.
>>
>> You misunderstood me (or I expressed myself badly ;-)
>>
>> This is currently the definition of apache_manage_all_user_content:
>>
>> #v+
>> interface(`apache_manage_all_user_content',`
>> refpolicywarn(`$0($*) has been deprecated, use apache_manage_all_content() instead.')
>> apache_manage_all_content($1)
>> ')
>> #v-
>>
>> All I did in the patch was replace the call to the (deprecated) function
>> towards the newly pointed function, so that we don't get a deprecation
>> notice at build time anymore.
>
> I didn't misunderstand. I think the interface should be un-deprecated.

To further clarify, I think the interface should be un-deprecated and the original implementation restored. User content is the stuff in ~/public_html.
It's not interchangeable with all content, which includes the static web pages and content from web apps.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
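
Review bot: in the useradd_t optional_policy block, the added apache_manage_all_content(useradd_t) line writes a manage grant over all Apache content into the call site for a domain that, per the review comment in this thread, should only be creating user content such as ~/public_html. The deprecated wrapper quoted in the thread already forwards to apache_manage_all_content($1), so swapping the call does not change what useradd_t is allowed; it only removes the refpolicywarn at build time while making the broader grant the permanent spelling. Suggest keeping apache_manage_all_user_content(useradd_t) here and resolving the warning in the interface definition by restoring a user-content-only body, so the build noise goes away without locking in the wider access.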