trunk: add infrastructure for managing user web content.
parent
e83edee5d2
commit
a334d2918f
|
@ -1,3 +1,4 @@
|
||||||
|
- Add infrastructure for managing all user web content.
|
||||||
- Deprecate some old file and dir permission set macros in favor of the
|
- Deprecate some old file and dir permission set macros in favor of the
|
||||||
newer, more consistently-named macros.
|
newer, more consistently-named macros.
|
||||||
- Patch to clean up unescaped periods in several file context entries from
|
- Patch to clean up unescaped periods in several file context entries from
|
||||||
|
|
|
@ -265,12 +265,19 @@ template(`apache_content_template',`
|
||||||
template(`apache_per_role_template', `
|
template(`apache_per_role_template', `
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute httpdcontent, httpd_script_domains;
|
attribute httpdcontent, httpd_script_domains;
|
||||||
attribute httpd_exec_scripts;
|
attribute httpd_exec_scripts, httpd_user_content_type;
|
||||||
|
attribute httpd_user_script_exec_type;
|
||||||
type httpd_t, httpd_suexec_t, httpd_log_t;
|
type httpd_t, httpd_suexec_t, httpd_log_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
apache_content_template($1)
|
apache_content_template($1)
|
||||||
|
|
||||||
|
typeattribute httpd_$1_content_t httpd_user_content_type;
|
||||||
|
typeattribute httpd_$1_script_ra_t httpd_user_content_type;
|
||||||
|
typeattribute httpd_$1_script_rw_t httpd_user_content_type;
|
||||||
|
typeattribute httpd_$1_script_ro_t httpd_user_content_type;
|
||||||
|
typeattribute httpd_$1_script_exec_t httpd_user_script_exec_type;
|
||||||
|
|
||||||
typeattribute httpd_$1_script_t httpd_script_domains;
|
typeattribute httpd_$1_script_t httpd_script_domains;
|
||||||
userdom_user_home_content($1,httpd_$1_content_t)
|
userdom_user_home_content($1,httpd_$1_content_t)
|
||||||
|
|
||||||
|
@ -1003,6 +1010,31 @@ interface(`apache_search_sys_scripts',`
|
||||||
search_dirs_pattern($1, httpd_sys_content_t, httpd_sys_script_exec_t)
|
search_dirs_pattern($1, httpd_sys_content_t, httpd_sys_script_exec_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Create, read, write, and delete all user web content.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <rolecap/>
|
||||||
|
#
|
||||||
|
interface(`apache_manage_all_user_content',`
|
||||||
|
gen_require(`
|
||||||
|
attribute httpd_user_content_type, httpd_user_script_exec_type;
|
||||||
|
')
|
||||||
|
|
||||||
|
manage_dirs_pattern($1,httpd_user_content_type,httpd_user_content_type)
|
||||||
|
manage_files_pattern($1,httpd_user_content_type,httpd_user_content_type)
|
||||||
|
manage_lnk_files_pattern($1,httpd_user_content_type,httpd_user_content_type)
|
||||||
|
|
||||||
|
manage_dirs_pattern($1,httpd_user_script_exec_type,httpd_user_script_exec_type)
|
||||||
|
manage_files_pattern($1,httpd_user_script_exec_type,httpd_user_script_exec_type)
|
||||||
|
manage_lnk_files_pattern($1,httpd_user_script_exec_type,httpd_user_script_exec_type)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Search system script state directory.
|
## Search system script state directory.
|
||||||
|
|
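Review bot: The summary of `apache_manage_all_user_content` mentions only "user web content", but its last three pattern lines also grant the calling domain manage access to directories, files and symlinks of every type carrying `httpd_user_script_exec_type`. Per the template hunk above, that covers each role's `httpd_$1_script_exec_t`. A domain that can rewrite those executables can presumably influence what runs in the per-user script domains, so a caller that only needs to manage static content receives more than it needs. Consider moving the three `httpd_user_script_exec_type` rules into a separate interface, or at least state the scope in the summary: `## Create, read, write, and delete all user web content and user script executables.`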
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(apache,1.8.1)
|
policy_module(apache,1.8.2)
|
||||||
|
|
||||||
#
|
#
|
||||||
# NOTES:
|
# NOTES:
|
||||||
|
@ -107,11 +107,13 @@ gen_tunable(httpd_tty_comm,false)
|
||||||
gen_tunable(httpd_unified,false)
|
gen_tunable(httpd_unified,false)
|
||||||
|
|
||||||
attribute httpdcontent;
|
attribute httpdcontent;
|
||||||
|
attribute httpd_user_content_type;
|
||||||
|
|
||||||
# domains that can exec all users scripts
|
# domains that can exec all users scripts
|
||||||
attribute httpd_exec_scripts;
|
attribute httpd_exec_scripts;
|
||||||
|
|
||||||
attribute httpd_script_exec_type;
|
attribute httpd_script_exec_type;
|
||||||
|
attribute httpd_user_script_exec_type;
|
||||||
|
|
||||||
# user script domains
|
# user script domains
|
||||||
attribute httpd_script_domains;
|
attribute httpd_script_domains;
|
||||||
|
|
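Review bot: The new declarations `attribute httpd_user_content_type;` and `attribute httpd_user_script_exec_type;` have no comment, unlike `httpd_exec_scripts` and `httpd_script_domains` beside them. Every type given one of these attributes becomes writable by any caller of `apache_manage_all_user_content`, so a one-line comment on each would help policy authors avoid tagging a type by accident. For example, `# all per-role user web content types` and `# all per-role user script executable types`.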