On 04/11/2018 04:26 PM, Stephen Smalley wrote:
> On 04/06/2018 08:49 AM, Vit Mojzis wrote:
>> The type generated by apache_content_template macro for cgi scripts
>> changed from httpd_$1_script_t to $1_script_t.
>> Update sepolicy accordingly.
>>
>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1271324
>
> This seems to be a change only present in Fedora policy, not upstream
> refpolicy. So merging this would break users of refpolicy and
> potentially distributions other than Fedora. Why was this change made, and
> why wasn't a typealias added to preserve compatibility?
>
Hi Stephen,

You're right about this change; however, the commit in our selinux-policy sources changing this is from 2013. I will look into it and add proper typealiases.

Thanks for the heads up.
Lukas.

>> >> Signed-off-by: Vit Mojzis <vmoj...@redhat.com> >> --- >> python/sepolicy/sepolicy/generate.py | 2 +- >> python/sepolicy/sepolicy/templates/executable.py | 2 +- >> 2 files changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/python/sepolicy/sepolicy/generate.py >> b/python/sepolicy/sepolicy/generate.py >> index f814e278..675b99d6 100644 >> --- a/python/sepolicy/sepolicy/generate.py >> +++ b/python/sepolicy/sepolicy/generate.py >> @@ -347,7 +347,7 @@ class policy: >> raise ValueError(_("Name must be alpha numberic with no spaces. >> Consider using option \"-n MODULENAME\"")) >> >> if type == CGI: >> - self.name = "httpd_%s_script" % name >> + self.name = "%s_script" % name >> else: >> self.name = name >> >> diff --git a/python/sepolicy/sepolicy/templates/executable.py >> b/python/sepolicy/sepolicy/templates/executable.py >> index f2679938..e1b17486 100644 >> --- a/python/sepolicy/sepolicy/templates/executable.py >> +++ b/python/sepolicy/sepolicy/templates/executable.py >> @@ -116,7 +116,7 @@ policy_module(TEMPLATETYPE, 1.0.0) >> >> apache_content_template(TEMPLATETYPE) >> >> -permissive httpd_TEMPLATETYPE_script_t; >> +permissive TEMPLATETYPE_script_t; >> """ >> >> te_daemon_rules="""\ >> >
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.
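Review bot: in the generate.py hunk, the `if type == CGI:` branch now sets `self.name = "%s_script" % name` unconditionally, with no check of which name the installed policy's apache_content_template actually produces. As raised in the thread, the `$1_script_t` form exists only in Fedora policy, so on upstream refpolicy the generated name would no longer match the `httpd_$1_script_t` type the macro declares. Suggest either gating this on the policy in use or deferring the change until a typealias covers both names, and saying in the commit message that the rename is Fedora-specific and which policy commit introduced it.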
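Review bot: in the executable.py hunk, `permissive TEMPLATETYPE_script_t;` hard-codes the new type name a second time, separately from the `self.name` string in generate.py, so the two can drift apart. The statement also sits directly after `apache_content_template(TEMPLATETYPE)` and depends on that macro declaring exactly this type; where the macro still declares `httpd_TEMPLATETYPE_script_t`, the permissive line would name a type the module does not have. Suggest deriving the script type name from one place and adding a comment in the template noting which policy versions produce which name.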