[selinux-policy: 1966/3172] trunk: Fix httpd_enable_homedirs to actually provide the access it is supposed to provide.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:54:51 UTC 2010 

commit e311e23a44c7e9c064a1034aea8ae0189fda1859
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Jul 1 13:57:53 2008 +0000

    trunk: Fix httpd_enable_homedirs to actually provide the access it is supposed to provide.

 Changelog                         |    2 ++
 policy/modules/services/apache.te |   14 +++++++++++++-
 2 files changed, 15 insertions(+), 1 deletions(-)
---
diff --git a/Changelog b/Changelog
index 8289f4a..546fc53 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Fix httpd_enable_homedirs to actually provide the access it is supposed to
+  provide.
 - Add unused interface/template parameter metadata in XML.
 - Patch to handle postfix data_directory from Vaclav Ovsik.
 - SE-Postgresql policy from KaiGai Kohei.
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index 7ab5e64..d9ec823 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -1,5 +1,5 @@
 
-policy_module(apache, 1.9.3)
+policy_module(apache, 1.9.4)
 
 #
 # NOTES: 
@@ -394,6 +394,10 @@ tunable_policy(`httpd_enable_ftp_server',`
 	corenet_tcp_bind_ftp_port(httpd_t)
 ')
 
+tunable_policy(`httpd_enable_homedirs',`
+	userdom_read_unpriv_users_home_content_files(httpd_t)
+')
+
 tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
 	fs_read_nfs_files(httpd_t)
 	fs_read_nfs_symlinks(httpd_t)
@@ -634,6 +638,10 @@ tunable_policy(`httpd_enable_cgi && httpd_unified',`
 	domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
 ')
 
+tunable_policy(`httpd_enable_homedirs',`
+	userdom_read_unpriv_users_home_content_files(httpd_suexec_t)
+')
+
 tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
 	fs_read_nfs_files(httpd_suexec_t)
 	fs_read_nfs_symlinks(httpd_suexec_t)
@@ -688,6 +696,10 @@ ifdef(`distro_redhat',`
 	allow httpd_sys_script_t httpd_log_t:file { getattr append };
 ')
 
+tunable_policy(`httpd_enable_homedirs',`
+	userdom_read_unpriv_users_home_content_files(httpd_sys_script_t)
+')
+
 tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
 	fs_read_nfs_files(httpd_sys_script_t)
 	fs_read_nfs_symlinks(httpd_sys_script_t)

More information about the scm-commits mailing list