trunk: add infrastructure for managing user web content.
parent
e83edee5d2
commit
a334d2918f
@ -1,3 +1,4 @@
|
||||
- Add infrastructure for managing all user web content.
|
||||
- Deprecate some old file and dir permission set macros in favor of the
|
||||
newer, more consistently-named macros.
|
||||
- Patch to clean up unescaped periods in several file context entries from
|
||||
|
@ -265,12 +265,19 @@ template(`apache_content_template',`
|
||||
template(`apache_per_role_template', `
|
||||
gen_require(`
|
||||
attribute httpdcontent, httpd_script_domains;
|
||||
attribute httpd_exec_scripts;
|
||||
attribute httpd_exec_scripts, httpd_user_content_type;
|
||||
attribute httpd_user_script_exec_type;
|
||||
type httpd_t, httpd_suexec_t, httpd_log_t;
|
||||
')
|
||||
|
||||
apache_content_template($1)
|
||||
|
||||
typeattribute httpd_$1_content_t httpd_user_content_type;
|
||||
typeattribute httpd_$1_script_ra_t httpd_user_content_type;
|
||||
typeattribute httpd_$1_script_rw_t httpd_user_content_type;
|
||||
typeattribute httpd_$1_script_ro_t httpd_user_content_type;
|
||||
typeattribute httpd_$1_script_exec_t httpd_user_script_exec_type;
|
||||
|
||||
typeattribute httpd_$1_script_t httpd_script_domains;
|
||||
userdom_user_home_content($1,httpd_$1_content_t)
|
||||
|
||||
@ -1003,6 +1010,31 @@ interface(`apache_search_sys_scripts',`
|
||||
search_dirs_pattern($1, httpd_sys_content_t, httpd_sys_script_exec_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Create, read, write, and delete all user web content.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`apache_manage_all_user_content',`
|
||||
gen_require(`
|
||||
attribute httpd_user_content_type, httpd_user_script_exec_type;
|
||||
')
|
||||
|
||||
manage_dirs_pattern($1,httpd_user_content_type,httpd_user_content_type)
|
||||
manage_files_pattern($1,httpd_user_content_type,httpd_user_content_type)
|
||||
manage_lnk_files_pattern($1,httpd_user_content_type,httpd_user_content_type)
|
||||
|
||||
manage_dirs_pattern($1,httpd_user_script_exec_type,httpd_user_script_exec_type)
|
||||
manage_files_pattern($1,httpd_user_script_exec_type,httpd_user_script_exec_type)
|
||||
manage_lnk_files_pattern($1,httpd_user_script_exec_type,httpd_user_script_exec_type)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Search system script state directory.
|
||||
|
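Review bot: The summary of `apache_manage_all_user_content` understates the grant. Besides content, the interface gives manage access on dirs, files and symlinks of `httpd_user_script_exec_type`, and the template hunk above places every role's `httpd_$1_script_exec_t` in that attribute, with `httpd_$1_script_ro_t` and `httpd_$1_script_ra_t` joining `httpd_user_content_type`. A calling domain can therefore rewrite content that is read-only or append-only to the scripts themselves, and replace script executables for all roles, which presumably run in the per-role `httpd_$1_script_t` domains (the transition rules are not visible in this hunk). I would state this in the doc block, e.g. `## Create, read, write, and delete all user web content, including user script executables.`, and add a `<desc>` paragraph saying callers should be limited to trusted administrative domains.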
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(apache,1.8.1)
|
||||
policy_module(apache,1.8.2)
|
||||
|
||||
#
|
||||
# NOTES:
|
||||
@ -107,11 +107,13 @@ gen_tunable(httpd_tty_comm,false)
|
||||
gen_tunable(httpd_unified,false)
|
||||
|
||||
attribute httpdcontent;
|
||||
attribute httpd_user_content_type;
|
||||
|
||||
# domains that can exec all users scripts
|
||||
attribute httpd_exec_scripts;
|
||||
|
||||
attribute httpd_script_exec_type;
|
||||
attribute httpd_user_script_exec_type;
|
||||
|
||||
# user script domains
|
||||
attribute httpd_script_domains;
|
||||
|
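Review bot: The two attribute declarations that appear new in the second hunk, `httpd_user_content_type` and `httpd_user_script_exec_type`, carry no comment, while the neighbouring attributes do (`# domains that can exec all users scripts`, `# user script domains`). Because `httpd_user_script_exec_type` sits directly below the similarly named `httpd_script_exec_type`, a one-line comment on each would help avoid assigning a type to the wrong attribute, e.g. `# all per-role user web content types` and `# all per-role user script executable types`. The `+`/`-` markers are lost on this page, so which lines are new is inferred from the hunk counts and the interface changes.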