Re: [PATCH] python/sepolicy: Fix type for cgi scripts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 04/11/2018 04:26 PM, Stephen Smalley wrote:
> On 04/06/2018 08:49 AM, Vit Mojzis wrote:
>> The type generated by apache_content_template macro for cgi scripts
>> changed from httpd_$1_script_t to $1_script_t.
>> Update sepolicy accordingly.
>>
>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1271324
> 
> This seems to be a change only present in Fedora policy, not upstream
> refpolicy.  So merging this would break users of refpolicy and
> potentially distributions other than Fedora.  Why was this change made,> and why wasn't a typealias added to preserve compatibility?
> 

Hi Stephen,

You're right with this change, however commit in our selinux-policy
sources changing this is from 2013. I will look on it and add proper
typealiases.

Thanks for heads up.
Lukas.

>>
>> Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx>
>> ---
>>  python/sepolicy/sepolicy/generate.py             | 2 +-
>>  python/sepolicy/sepolicy/templates/executable.py | 2 +-
>>  2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
>> index f814e278..675b99d6 100644
>> --- a/python/sepolicy/sepolicy/generate.py
>> +++ b/python/sepolicy/sepolicy/generate.py
>> @@ -347,7 +347,7 @@ class policy:
>>              raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
>>  
>>          if type == CGI:
>> -            self.name = "httpd_%s_script" % name
>> +            self.name = "%s_script" % name
>>          else:
>>              self.name = name
>>  
>> diff --git a/python/sepolicy/sepolicy/templates/executable.py b/python/sepolicy/sepolicy/templates/executable.py
>> index f2679938..e1b17486 100644
>> --- a/python/sepolicy/sepolicy/templates/executable.py
>> +++ b/python/sepolicy/sepolicy/templates/executable.py
>> @@ -116,7 +116,7 @@ policy_module(TEMPLATETYPE, 1.0.0)
>>  
>>  apache_content_template(TEMPLATETYPE)
>>  
>> -permissive httpd_TEMPLATETYPE_script_t;
>> +permissive TEMPLATETYPE_script_t;
>>  """
>>  
>>  te_daemon_rules="""\
>>
> 


-- 
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.

Attachment: signature.asc
Description: OpenPGP digital signature

[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux