From 83e07b8a25fe4e3a3b971194c9399d5a02877a15 Mon Sep 17 00:00:00 2001
From: Dominick Grift <domg472@gmail.com>
Date: Sun, 13 Feb 2011 18:58:38 +0100
Subject: [PATCH] Users calling apache_role were not able to manage
 httpd_user_content_t files, directories and symbolic links.

From 78d6e4acfc000b07dbf85b076fa523e95e72da3f Sun, 13 Feb 2011 18:55:53 +0100
From: Dominick Grift <domg472@gmail.com>
Date: Sun, 13 Feb 2011 18:55:09 +0100
Subject: [PATCH] Users calling apache_role were not able to manage httpd_user_content_t files, directories and symbolic links.

Users calling apache_role were not able to manage httpd_user_content_t files, directories and symbolic links.

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
 policy/modules/services/apache.if | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
index c9e1a4435..648016736 100644
--- a/policy/modules/services/apache.if
+++ b/policy/modules/services/apache.if
@@ -218,10 +218,15 @@ interface(`apache_role',`
 
 	role $1 types httpd_user_script_t;
 
-	allow $2 httpd_user_content_t:{ dir file lnk_file } { relabelto relabelfrom };
-
 	allow $2 httpd_user_htaccess_t:file { manage_file_perms relabelto relabelfrom };
 
+	manage_dirs_pattern($2, httpd_user_content_t, httpd_user_content_t)
+	manage_files_pattern($2, httpd_user_content_t, httpd_user_content_t)
+	manage_lnk_files_pattern($2, httpd_user_content_t, httpd_user_content_t)
+	relabel_dirs_pattern($2, httpd_user_content_t, httpd_user_content_t)
+	relabel_files_pattern($2, httpd_user_content_t, httpd_user_content_t)
+	relabel_lnk_files_pattern($2, httpd_user_content_t, httpd_user_content_t)
+
 	manage_dirs_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
 	manage_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
 	manage_lnk_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)