On 04/06/2018 08:49 AM, Vit Mojzis wrote:
> The type generated by apache_content_template macro for cgi scripts
> changed from httpd_$1_script_t to $1_script_t.
> Update sepolicy accordingly.
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1271324

This seems to be a change only present in Fedora policy, not upstream
refpolicy.  So merging this would break users of refpolicy and
potentially distributions other than Fedora.  Why was this change made,
and why wasn't a typealias added to preserve compatibility?

> 
> Signed-off-by: Vit Mojzis <vmoj...@redhat.com>
> ---
>  python/sepolicy/sepolicy/generate.py             | 2 +-
>  python/sepolicy/sepolicy/templates/executable.py | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/python/sepolicy/sepolicy/generate.py 
> b/python/sepolicy/sepolicy/generate.py
> index f814e278..675b99d6 100644
> --- a/python/sepolicy/sepolicy/generate.py
> +++ b/python/sepolicy/sepolicy/generate.py
> @@ -347,7 +347,7 @@ class policy:
>              raise ValueError(_("Name must be alpha numberic with no spaces. 
> Consider using option \"-n MODULENAME\""))
>  
>          if type == CGI:
> -            self.name = "httpd_%s_script" % name
> +            self.name = "%s_script" % name
>          else:
>              self.name = name
>  
> diff --git a/python/sepolicy/sepolicy/templates/executable.py 
> b/python/sepolicy/sepolicy/templates/executable.py
> index f2679938..e1b17486 100644
> --- a/python/sepolicy/sepolicy/templates/executable.py
> +++ b/python/sepolicy/sepolicy/templates/executable.py
> @@ -116,7 +116,7 @@ policy_module(TEMPLATETYPE, 1.0.0)
>  
>  apache_content_template(TEMPLATETYPE)
>  
> -permissive httpd_TEMPLATETYPE_script_t;
> +permissive TEMPLATETYPE_script_t;
>  """
>  
>  te_daemon_rules="""\
> 

Reply via email to