commit 702978bda4b2106615a16d15ec58f80d7facd0ab

Author: Miroslav Grepl <mgrepl@redhat.com> Date: Wed May 6 16:41:20 2015 +0200 Revert "Add missing typealiases in apache_content_template() for script domain/executable." This reverts commit e8f96805b90c6fa1acc9fb9843863b8ea3d1136b
2015-05-06 16:46:39 +02:00 · 2015-05-06 16:46:39 +02:00 · 0a3c59c4c0
commit 0a3c59c4c0
parent 6a726d4793
1 changed files with 55 additions and 57 deletions
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@ -3663,7 +3663,7 @@ index 7caefc3..3009a35 100644
 +/var/run/dirsrv/admin-serv.*	gen_context(system_u:object_r:httpd_var_run_t,s0)
 +/opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)?       gen_context(system_u:object_r:httpd_var_run_t,s0)
 diff --git a/apache.if b/apache.if
-index f6eb485..a9a5ae2 100644
+index f6eb485..164501c 100644
 --- a/apache.if
 +++ b/apache.if
@@ -1,9 +1,9 @@
@ -3679,7 +3679,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="prefix">
 ##	<summary>
-@@ -13,118 +13,128 @@
+@@ -13,118 +13,126 @@
 #
 template(`apache_content_template',`
 	gen_require(`
@ -3771,7 +3771,6 @@ index f6eb485..a9a5ae2 100644
 +
 +	# Type that CGI scripts run as
 +	type $1_script_t,	httpd_script_type;
-+	typealias $1_script_t alias httpd_$1_script_t;
 +	domain_type($1_script_t)
 +	role system_r types $1_script_t;
 +
@ -3780,7 +3779,6 @@ index f6eb485..a9a5ae2 100644
 +	# This type is used for executable scripts files
 +	type $1_script_exec_t, httpd_script_exec_type; # customizable;
 +	typeattribute $1_script_exec_t httpd_content_type;
-+	typealias $1_script_exec_t alias httpd_$1_script_exec_t;
 +	domain_entry_file($1_script_t, $1_script_exec_t)
 +
 +	type $1_rw_content_t; # customizable
@ -3903,7 +3901,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="role">
 ##	<summary>
-@@ -133,47 +143,61 @@ template(`apache_content_template',`
+@@ -133,47 +141,61 @@ template(`apache_content_template',`
 ## </param>
 ## <param name="domain">
 ##	<summary>
@ -3994,7 +3992,7 @@ index f6eb485..a9a5ae2 100644
 		domtrans_pattern($2, httpd_user_script_exec_t, httpd_user_script_t)
 	')
 
-@@ -184,7 +208,7 @@ interface(`apache_role',`
+@@ -184,7 +206,7 @@ interface(`apache_role',`
 
 ########################################
 ## <summary>
@ -4003,7 +4001,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -204,7 +228,7 @@ interface(`apache_read_user_scripts',`
+@@ -204,7 +226,7 @@ interface(`apache_read_user_scripts',`
 
 ########################################
 ## <summary>
@ -4012,7 +4010,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -224,7 +248,7 @@ interface(`apache_read_user_content',`
+@@ -224,7 +246,7 @@ interface(`apache_read_user_content',`
 
 ########################################
 ## <summary>
@ -4021,7 +4019,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -241,27 +265,47 @@ interface(`apache_domtrans',`
+@@ -241,27 +263,47 @@ interface(`apache_domtrans',`
 	domtrans_pattern($1, httpd_exec_t, httpd_t)
 ')
 
@ -4076,7 +4074,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -279,7 +323,7 @@ interface(`apache_signal',`
+@@ -279,7 +321,7 @@ interface(`apache_signal',`
 
 ########################################
 ## <summary>
@ -4085,7 +4083,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -297,7 +341,7 @@ interface(`apache_signull',`
+@@ -297,7 +339,7 @@ interface(`apache_signull',`
 
 ########################################
 ## <summary>
@ -4094,7 +4092,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -315,8 +359,7 @@ interface(`apache_sigchld',`
+@@ -315,8 +357,7 @@ interface(`apache_sigchld',`
 
 ########################################
 ## <summary>
@ -4104,7 +4102,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -334,8 +377,8 @@ interface(`apache_use_fds',`
+@@ -334,8 +375,8 @@ interface(`apache_use_fds',`
 
 ########################################
 ## <summary>
@ -4115,7 +4113,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -348,13 +391,32 @@ interface(`apache_dontaudit_rw_fifo_file',`
+@@ -348,13 +389,32 @@ interface(`apache_dontaudit_rw_fifo_file',`
 		type httpd_t;
 	')
 
@ -4151,7 +4149,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -367,13 +429,13 @@ interface(`apache_dontaudit_rw_stream_sockets',`
+@@ -367,13 +427,13 @@ interface(`apache_dontaudit_rw_stream_sockets',`
 		type httpd_t;
 	')
 
@ -4168,7 +4166,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -391,8 +453,7 @@ interface(`apache_dontaudit_rw_tcp_sockets',`
+@@ -391,8 +451,7 @@ interface(`apache_dontaudit_rw_tcp_sockets',`
 
 ########################################
 ## <summary>
@ -4178,7 +4176,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -417,7 +478,8 @@ interface(`apache_manage_all_content',`
+@@ -417,7 +476,8 @@ interface(`apache_manage_all_content',`
 
 ########################################
 ## <summary>
@ -4188,7 +4186,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -435,7 +497,8 @@ interface(`apache_setattr_cache_dirs',`
+@@ -435,7 +495,8 @@ interface(`apache_setattr_cache_dirs',`
 
 ########################################
 ## <summary>
@ -4198,7 +4196,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -453,7 +516,8 @@ interface(`apache_list_cache',`
+@@ -453,7 +514,8 @@ interface(`apache_list_cache',`
 
 ########################################
 ## <summary>
@ -4208,7 +4206,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -471,7 +535,8 @@ interface(`apache_rw_cache_files',`
+@@ -471,7 +533,8 @@ interface(`apache_rw_cache_files',`
 
 ########################################
 ## <summary>
@ -4218,7 +4216,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -489,7 +554,8 @@ interface(`apache_delete_cache_dirs',`
+@@ -489,7 +552,8 @@ interface(`apache_delete_cache_dirs',`
 
 ########################################
 ## <summary>
@ -4228,7 +4226,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -507,49 +573,51 @@ interface(`apache_delete_cache_files',`
+@@ -507,49 +571,51 @@ interface(`apache_delete_cache_files',`
 
 ########################################
 ## <summary>
@ -4291,7 +4289,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -570,8 +638,8 @@ interface(`apache_manage_config',`
+@@ -570,8 +636,8 @@ interface(`apache_manage_config',`
 
 ########################################
 ## <summary>
@ -4302,7 +4300,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -608,16 +676,38 @@ interface(`apache_domtrans_helper',`
+@@ -608,16 +674,38 @@ interface(`apache_domtrans_helper',`
 #
 interface(`apache_run_helper',`
 	gen_require(`
@ -4344,7 +4342,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -639,7 +729,8 @@ interface(`apache_read_log',`
+@@ -639,7 +727,8 @@ interface(`apache_read_log',`
 
 ########################################
 ## <summary>
@ -4354,7 +4352,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -657,10 +748,29 @@ interface(`apache_append_log',`
+@@ -657,10 +746,29 @@ interface(`apache_append_log',`
 	append_files_pattern($1, httpd_log_t, httpd_log_t)
 ')
 
@ -4386,7 +4384,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -678,8 +788,8 @@ interface(`apache_dontaudit_append_log',`
+@@ -678,8 +786,8 @@ interface(`apache_dontaudit_append_log',`
 
 ########################################
 ## <summary>
@ -4397,7 +4395,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -687,20 +797,21 @@ interface(`apache_dontaudit_append_log',`
+@@ -687,20 +795,21 @@ interface(`apache_dontaudit_append_log',`
 ##	</summary>
 ## </param>
 #
@ -4427,7 +4425,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -708,19 +819,21 @@ interface(`apache_manage_log',`
+@@ -708,19 +817,21 @@ interface(`apache_manage_log',`
 ##	</summary>
 ## </param>
 #
@ -4453,7 +4451,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -738,7 +851,8 @@ interface(`apache_dontaudit_search_modules',`
+@@ -738,7 +849,8 @@ interface(`apache_dontaudit_search_modules',`
 
 ########################################
 ## <summary>
@ -4463,7 +4461,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -746,17 +860,19 @@ interface(`apache_dontaudit_search_modules',`
+@@ -746,17 +858,19 @@ interface(`apache_dontaudit_search_modules',`
 ##	</summary>
 ## </param>
 #
@ -4486,7 +4484,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -764,19 +880,19 @@ interface(`apache_list_modules',`
+@@ -764,19 +878,19 @@ interface(`apache_list_modules',`
 ##	</summary>
 ## </param>
 #
@ -4510,7 +4508,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -784,19 +900,19 @@ interface(`apache_exec_modules',`
+@@ -784,19 +898,19 @@ interface(`apache_exec_modules',`
 ##	</summary>
 ## </param>
 #
@ -4535,7 +4533,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -809,13 +925,50 @@ interface(`apache_domtrans_rotatelogs',`
+@@ -809,13 +923,50 @@ interface(`apache_domtrans_rotatelogs',`
 		type httpd_rotatelogs_t, httpd_rotatelogs_exec_t;
 	')
 
@ -4588,7 +4586,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -829,13 +982,14 @@ interface(`apache_list_sys_content',`
+@@ -829,13 +980,14 @@ interface(`apache_list_sys_content',`
 	')
 
 	list_dirs_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
@ -4605,7 +4603,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -844,6 +998,7 @@ interface(`apache_list_sys_content',`
+@@ -844,6 +996,7 @@ interface(`apache_list_sys_content',`
 ## </param>
 ## <rolecap/>
 #
@ -4613,7 +4611,7 @@ index f6eb485..a9a5ae2 100644
 interface(`apache_manage_sys_content',`
 	gen_require(`
 		type httpd_sys_content_t;
-@@ -855,32 +1010,98 @@ interface(`apache_manage_sys_content',`
+@@ -855,32 +1008,98 @@ interface(`apache_manage_sys_content',`
 	manage_lnk_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
 ')
 
@ -4720,7 +4718,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -888,10 +1109,17 @@ interface(`apache_manage_sys_rw_content',`
+@@ -888,10 +1107,17 @@ interface(`apache_manage_sys_rw_content',`
 ##	</summary>
 ## </param>
 #
@ -4739,7 +4737,7 @@ index f6eb485..a9a5ae2 100644
 	')
 
 	tunable_policy(`httpd_enable_cgi && httpd_unified',`
-@@ -901,9 +1129,8 @@ interface(`apache_domtrans_sys_script',`
+@@ -901,9 +1127,8 @@ interface(`apache_domtrans_sys_script',`
 
 ########################################
 ## <summary>
@ -4751,7 +4749,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -916,7 +1143,7 @@ interface(`apache_dontaudit_rw_sys_script_stream_sockets',`
+@@ -916,7 +1141,7 @@ interface(`apache_dontaudit_rw_sys_script_stream_sockets',`
 		type httpd_sys_script_t;
 	')
 
@ -4760,7 +4758,7 @@ index f6eb485..a9a5ae2 100644
 ')
 
 ########################################
-@@ -941,7 +1168,7 @@ interface(`apache_domtrans_all_scripts',`
+@@ -941,7 +1166,7 @@ interface(`apache_domtrans_all_scripts',`
 ########################################
 ## <summary>
 ##	Execute all user scripts in the user
@ -4769,7 +4767,7 @@ index f6eb485..a9a5ae2 100644
 ##	to the specified role.
 ## </summary>
 ## <param name="domain">
-@@ -954,6 +1181,7 @@ interface(`apache_domtrans_all_scripts',`
+@@ -954,6 +1179,7 @@ interface(`apache_domtrans_all_scripts',`
 ##	Role allowed access.
 ##	</summary>
 ## </param>
@ -4777,7 +4775,7 @@ index f6eb485..a9a5ae2 100644
 #
 interface(`apache_run_all_scripts',`
 	gen_require(`
-@@ -966,7 +1194,8 @@ interface(`apache_run_all_scripts',`
+@@ -966,7 +1192,8 @@ interface(`apache_run_all_scripts',`
 
 ########################################
 ## <summary>
@ -4787,7 +4785,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -979,12 +1208,13 @@ interface(`apache_read_squirrelmail_data',`
+@@ -979,12 +1206,13 @@ interface(`apache_read_squirrelmail_data',`
 		type httpd_squirrelmail_t;
 	')
 
@ -4803,7 +4801,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1002,7 +1232,7 @@ interface(`apache_append_squirrelmail_data',`
+@@ -1002,7 +1230,7 @@ interface(`apache_append_squirrelmail_data',`
 
 ########################################
 ## <summary>
@ -4812,7 +4810,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1015,13 +1245,12 @@ interface(`apache_search_sys_content',`
+@@ -1015,13 +1243,12 @@ interface(`apache_search_sys_content',`
 		type httpd_sys_content_t;
 	')
 
@ -4827,7 +4825,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1041,7 +1270,7 @@ interface(`apache_read_sys_content',`
+@@ -1041,7 +1268,7 @@ interface(`apache_read_sys_content',`
 
 ########################################
 ## <summary>
@ -4836,7 +4834,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1059,8 +1288,7 @@ interface(`apache_search_sys_scripts',`
+@@ -1059,8 +1286,7 @@ interface(`apache_search_sys_scripts',`
 
 ########################################
 ## <summary>
@ -4846,7 +4844,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1071,18 +1299,21 @@ interface(`apache_search_sys_scripts',`
+@@ -1071,18 +1297,21 @@ interface(`apache_search_sys_scripts',`
 #
 interface(`apache_manage_all_user_content',`
 	gen_require(`
@ -4874,7 +4872,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1100,7 +1331,8 @@ interface(`apache_search_sys_script_state',`
+@@ -1100,7 +1329,8 @@ interface(`apache_search_sys_script_state',`
 
 ########################################
 ## <summary>
@ -4884,7 +4882,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1117,10 +1349,29 @@ interface(`apache_read_tmp_files',`
+@@ -1117,10 +1347,29 @@ interface(`apache_read_tmp_files',`
 	read_files_pattern($1, httpd_tmp_t, httpd_tmp_t)
 ')
 
@ -4916,7 +4914,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1133,7 +1384,7 @@ interface(`apache_dontaudit_write_tmp_files',`
+@@ -1133,7 +1382,7 @@ interface(`apache_dontaudit_write_tmp_files',`
 		type httpd_tmp_t;
 	')
 
@ -4925,7 +4923,7 @@ index f6eb485..a9a5ae2 100644
 ')
 
 ########################################
-@@ -1142,6 +1393,9 @@ interface(`apache_dontaudit_write_tmp_files',`
+@@ -1142,6 +1391,9 @@ interface(`apache_dontaudit_write_tmp_files',`
 ## </summary>
 ##	<desc>
 ##	<p>
@ -4935,7 +4933,7 @@ index f6eb485..a9a5ae2 100644
 ##	This is an interface to support third party modules
 ##	and its use is not allowed in upstream reference
 ##	policy.
-@@ -1171,8 +1425,31 @@ interface(`apache_cgi_domain',`
+@@ -1171,8 +1423,31 @@ interface(`apache_cgi_domain',`
 
 ########################################
 ## <summary>
@ -4969,7 +4967,7 @@ index f6eb485..a9a5ae2 100644
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-@@ -1189,18 +1466,19 @@ interface(`apache_cgi_domain',`
+@@ -1189,18 +1464,19 @@ interface(`apache_cgi_domain',`
 interface(`apache_admin',`
 	gen_require(`
 		attribute httpdcontent, httpd_script_exec_type;
@ -4998,7 +4996,7 @@ index f6eb485..a9a5ae2 100644
 
 	init_labeled_script_domtrans($1, httpd_initrc_exec_t)
 	domain_system_change_exemption($1)
-@@ -1210,10 +1488,10 @@ interface(`apache_admin',`
+@@ -1210,10 +1486,10 @@ interface(`apache_admin',`
 	apache_manage_all_content($1)
 	miscfiles_manage_public_files($1)
 
@ -5012,7 +5010,7 @@ index f6eb485..a9a5ae2 100644
 	admin_pattern($1, httpd_log_t)
 
 	admin_pattern($1, httpd_modules_t)
-@@ -1224,9 +1502,141 @@ interface(`apache_admin',`
+@@ -1224,9 +1500,141 @@ interface(`apache_admin',`
 	admin_pattern($1, httpd_var_run_t)
 	files_pid_filetrans($1, httpd_var_run_t, file)