Summary: | sec-policy/selinux-base-policy-2.20120725-r4: uncomplete interfaces apache_read_sys_content, apache_manage_sys_content ... | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Vincent Brillault <gentoo> |
Component: | SELinux | Assignee: | SE Linux Bugs <selinux> |
Status: | RESOLVED INVALID | ||
Severity: | enhancement | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Vincent Brillault
2012-08-26 11:07:59 UTC
Concerning the possible "apache_manage_rw_sys_content interface", in fact there is no need for such a thing, as apache_manage_all_rw_content already give read/write rights for httpd_sys_rw_content_t and httpd_user_rw_content_t (which doesn't seem to be used) This seems to be by design. If you need to access the rw content, you can use the apache_*_all_rw_content methods. We can't add in interfaces for types that are generated by a template - the only possibilities here are to either use attributes (such as is the case with the apache_*_all_rw_content methods) or define the types in the main module (and not through the template). You also mentioned that for the manage part, you would use the apache_manage_all_rw_content. Are there any other things in this bug report that you consider as needed? Or are the attribute-related interfaces sufficient for you? Ok, using the apache_*_all_rw_content should do the job |