Bug 169788 - apache_domain macro misses a httpd_ prefix
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted
Hardware: x86_64 Linux
Priority: medium, Severity: low
Assigned To: Daniel Walsh
Reported: 2005-10-03 12:41 EDT by Jonathan Larmour
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2005-10-03 14:36:21 EDT
Description Jonathan Larmour 2005-10-03 12:41:53 EDT
Description of problem:

In /etc/selinux/targeted/src/policy/macros/program/apache_macros.te there is the
following block:
ifelse($1, sys, `
domain_auto_trans(httpd_t, httpdcontent, httpd_sys_script_t)
domain_auto_trans(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
domain_auto_trans(sysadm_t, httpdcontent, httpd_sys_script_t)
create_dir_file(httpd_t, httpdcontent)
can_exec(httpd_t, httpdcontent )
', `
can_exec(httpd_$1_script_t, httpdcontent )
domain_auto_trans($1_t, httpdcontent, httpd_$1_script_t)
create_dir_file(httpd_$1_script_t, httpdcontent)

Note that the domain_auto_trans near the end is $1_t, not httpd_$1_t. This
causes an error when writing new policy that uses the apache_domain() macro.

Version-Release number of selected component (if applicable):


How reproducible:

cd /etc/selinux/targeted/src/policy
cat >> domains/foo.te <<EOF

Actual results:

/usr/bin/checkpolicy -o policy.18 policy.conf
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
types/x.te:6:ERROR 'unknown type sys_writable_t' at token ';' on line 4301:
#line 6
allow sys_writable_t httpd_sys_writable_script_t:process transition;
/usr/bin/checkpolicy:  error(s) encountered while parsing configuration
make: *** [policy.18] Error 1

Expected results:

It should work :)
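
The following check is an added example, not part of the original report or of the selinux-policy sources. It scans a macro body for type names built from a macro parameter and flags those that lack the httpd_ prefix; the function names are hypothetical, and the argument sys_writable is inferred from the checkpolicy error above because the reproduction input is not shown on the page.

```python
import re

# Constructed sample: the non-"sys" branch of the block quoted in the report.
MACRO_BODY = """\
can_exec(httpd_$1_script_t, httpdcontent )
domain_auto_trans($1_t, httpdcontent, httpd_$1_script_t)
create_dir_file(httpd_$1_script_t, httpdcontent)
"""

# A type name built from a macro parameter: optional literal prefix, "$N",
# then a suffix ending in "_t" (e.g. httpd_$1_script_t or a bare $1_t).
PARAM_TYPE = re.compile(
    r"([A-Za-z_][A-Za-z0-9_]*)?\$(\d)((?:_[A-Za-z0-9]+)*_t)\b"
)


def param_types(body):
    """Yield (line_no, prefix, token) for each parameter-built type name."""
    for no, line in enumerate(body.splitlines(), 1):
        for m in PARAM_TYPE.finditer(line):
            yield no, m.group(1) or "", m.group(0)


def unprefixed(body, expected_prefix="httpd_"):
    """Return (line_no, token) pairs whose literal prefix is not the expected one."""
    return [
        (no, tok)
        for no, pre, tok in param_types(body)
        if not pre.startswith(expected_prefix)
    ]


def expand(token, arg):
    """Substitute one argument for $1, as m4 does for apache_domain(arg)."""
    return token.replace("$1", arg)


if __name__ == "__main__":
    arg = "sys_writable"  # assumption: inferred from the error message
    for no, tok in unprefixed(MACRO_BODY):
        print(f"line {no}: {tok} expands to {expand(tok, arg)} "
              f"(expected {expand('httpd_' + tok, arg)})")
```

A bare $1_t can be legitimate in macros whose argument is itself a full domain stem, so treat a hit as something to review rather than as a definite error.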
Comment 1 Daniel Walsh 2005-10-03 14:07:26 EDT
This is fixed in U2 policy. 1.17.30-2.110
Comment 2 Jonathan Larmour 2005-10-03 14:36:21 EDT
Oh there's a U2 out? I haven't noticed that. Do I need to subscribe to a
different channel?
My problem was sorted anyway by changing the apache_macros.te file myself, so as
far as I'm concerned this can be closed, but I don't know whether to say
CURRENTRELEASE or NEXTRELEASE :). You can close it with the appropriate status
if you prefer.
