On 04/11/2018 04:26 PM, Stephen Smalley wrote:
> On 04/06/2018 08:49 AM, Vit Mojzis wrote:
>> The type generated by apache_content_template macro for cgi scripts
>> changed from httpd_$1_script_t to $1_script_t.
>> Update sepolicy accordingly.
>>
>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1271324
> 
> This seems to be a change only present in Fedora policy, not upstream
> refpolicy.  So merging this would break users of refpolicy and
> potentially distributions other than Fedora.  Why was this change made,> and 
> why wasn't a typealias added to preserve compatibility?
> 

Hi Stephen,

You're right with this change, however commit in our selinux-policy
sources changing this is from 2013. I will look on it and add proper
typealiases.

Thanks for heads up.
Lukas.

>>
>> Signed-off-by: Vit Mojzis <vmoj...@redhat.com>
>> ---
>>  python/sepolicy/sepolicy/generate.py             | 2 +-
>>  python/sepolicy/sepolicy/templates/executable.py | 2 +-
>>  2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/python/sepolicy/sepolicy/generate.py 
>> b/python/sepolicy/sepolicy/generate.py
>> index f814e278..675b99d6 100644
>> --- a/python/sepolicy/sepolicy/generate.py
>> +++ b/python/sepolicy/sepolicy/generate.py
>> @@ -347,7 +347,7 @@ class policy:
>>              raise ValueError(_("Name must be alpha numberic with no spaces. 
>> Consider using option \"-n MODULENAME\""))
>>  
>>          if type == CGI:
>> -            self.name = "httpd_%s_script" % name
>> +            self.name = "%s_script" % name
>>          else:
>>              self.name = name
>>  
>> diff --git a/python/sepolicy/sepolicy/templates/executable.py 
>> b/python/sepolicy/sepolicy/templates/executable.py
>> index f2679938..e1b17486 100644
>> --- a/python/sepolicy/sepolicy/templates/executable.py
>> +++ b/python/sepolicy/sepolicy/templates/executable.py
>> @@ -116,7 +116,7 @@ policy_module(TEMPLATETYPE, 1.0.0)
>>  
>>  apache_content_template(TEMPLATETYPE)
>>  
>> -permissive httpd_TEMPLATETYPE_script_t;
>> +permissive TEMPLATETYPE_script_t;
>>  """
>>  
>>  te_daemon_rules="""\
>>
> 


-- 
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to