First Last Prev Next    This bug is not in your last search results.
Bug 169788 - apache_domain macro misses a httpd_ prefix
apache_domain macro misses a httpd_ prefix
Status: CLOSED NEXTRELEASE
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
4.0
x86_64 Linux
medium Severity low
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-10-03 12:41 EDT by Jonathan Larmour
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-10-03 14:36:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Jonathan Larmour 2005-10-03 12:41:53 EDT 
Description of problem:

In /etc/selinux/targeted/src/policy/macros/program/apache_macros.te there is the
following block:
ifelse($1, sys, `
domain_auto_trans(httpd_t, httpdcontent, httpd_sys_script_t)
domain_auto_trans(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
domain_auto_trans(sysadm_t, httpdcontent, httpd_sys_script_t)
create_dir_file(httpd_t, httpdcontent)
can_exec(httpd_t, httpdcontent )
', `
can_exec(httpd_$1_script_t, httpdcontent )
domain_auto_trans($1_t, httpdcontent, httpd_$1_script_t)
')
create_dir_file(httpd_$1_script_t, httpdcontent)
}

Note that the domain_auto_trans near the end is $1_t, not httpd_$1_t. This
causes an error when writing new policy that uses the apache_domain() macro.

Version-Release number of selected component (if applicable):

selinux-policy-targeted-1.17.30-2.88

How reproducible:

cd /etc/selinux/targeted/src/policy
cat >> domains/foo.te <<EOF
apache_domain(sys_writable)
EOF
make

Actual results:

/usr/bin/checkpolicy -o policy.18 policy.conf
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
types/x.te:6:ERROR 'unknown type sys_writable_t' at token ';' on line 4301:
#line 6
allow sys_writable_t httpd_sys_writable_script_t:process transition;
/usr/bin/checkpolicy:  error(s) encountered while parsing configuration
make: *** [policy.18] Error 1

Expected results:

It should work :)
Comment 1 Daniel Walsh 2005-10-03 14:07:26 EDT 
This is fixed in U2 policy. 1.17.30-2.110
Comment 2 Jonathan Larmour 2005-10-03 14:36:21 EDT 
Oh there's a U2 out? I haven't noticed that. Do I need to subscribe to a
different channel?
My problem was sorted anyway by changing the apache_macros.te file myself, so as
far as I'm concerned this can be closed, but I don't know whether to say
CURRENTRELEASE or NEXTRELEASE :). You can close it with the appropriate status
if you prefer.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.