Miroslav Grepl 4fc70e
diff --git a/apache.if b/apache.if
Miroslav Grepl 4fc70e
index fac6fe5..804867a 100644
Miroslav Grepl 4fc70e
--- a/apache.if
Miroslav Grepl 4fc70e
+++ b/apache.if
Miroslav Grepl 4fc70e
@@ -14,99 +14,123 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 		attribute httpd_exec_scripts, httpd_script_exec_type;
Miroslav Grepl 4fc70e
-		type httpd_t, httpd_suexec_t, httpd_log_t;
Miroslav Grepl 4fc70e
-		type httpd_sys_content_t;
Miroslav Grepl 4fc70e
+		type httpd_t, httpd_suexec_t;
Miroslav Grepl 4fc70e
 		attribute httpd_script_type, httpd_content_type;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 	#This type is for webpages
Miroslav Grepl 4fc70e
-	type httpd_$1_content_t; # customizable;
Miroslav Grepl 4fc70e
-	typeattribute httpd_$1_content_t httpd_content_type;
Miroslav Grepl 4fc70e
-	typealias httpd_$1_content_t alias httpd_$1_script_ro_t;
Miroslav Grepl 4fc70e
-	files_type(httpd_$1_content_t)
Miroslav Grepl 4fc70e
+	type $1_content_t; # customizable;
Miroslav Grepl 4fc70e
+	typeattribute $1_content_t httpd_content_type;
Miroslav Grepl 4fc70e
+	typealias $1_content_t alias httpd_$1_script_ro_t;
Miroslav Grepl 4fc70e
+	files_type($1_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 	# This type is used for .htaccess files
Miroslav Grepl 4fc70e
-	type httpd_$1_htaccess_t, httpd_content_type; # customizable;
Miroslav Grepl 4fc70e
-	typeattribute httpd_$1_htaccess_t httpd_content_type;
Miroslav Grepl 4fc70e
-	files_type(httpd_$1_htaccess_t)
Miroslav Grepl 4fc70e
+	type $1_htaccess_t, httpd_content_type; # customizable;
Miroslav Grepl 4fc70e
+	typeattribute $1_htaccess_t httpd_content_type;
Miroslav Grepl 4fc70e
+	files_type($1_htaccess_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 	# Type that CGI scripts run as
Miroslav Grepl 4fc70e
-	type httpd_$1_script_t,	httpd_script_type;
Miroslav Grepl 4fc70e
-	domain_type(httpd_$1_script_t)
Miroslav Grepl 4fc70e
-	role system_r types httpd_$1_script_t;
Miroslav Grepl 4fc70e
+	type $1_script_t,	httpd_script_type;
Miroslav Grepl 4fc70e
+	domain_type($1_script_t)
Miroslav Grepl 4fc70e
+	role system_r types $1_script_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	kernel_read_system_state(httpd_$1_script_t)
Miroslav Grepl 4fc70e
+	kernel_read_system_state($1_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 	# This type is used for executable scripts files
Miroslav Grepl 4fc70e
-	type httpd_$1_script_exec_t, httpd_script_exec_type; # customizable;
Miroslav Grepl 4fc70e
-	typeattribute httpd_$1_script_exec_t httpd_content_type;
Miroslav Grepl 4fc70e
-	domain_entry_file(httpd_$1_script_t, httpd_$1_script_exec_t)
Miroslav Grepl 4fc70e
+	type $1_script_exec_t, httpd_script_exec_type; # customizable;
Miroslav Grepl 4fc70e
+	typeattribute $1_script_exec_t httpd_content_type;
Miroslav Grepl 4fc70e
+	domain_entry_file($1_script_t, $1_script_exec_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	type httpd_$1_rw_content_t; # customizable
Miroslav Grepl 4fc70e
-	typeattribute httpd_$1_rw_content_t httpd_content_type;
Miroslav Grepl 4fc70e
-	typealias httpd_$1_rw_content_t alias { httpd_$1_script_rw_t httpd_$1_content_rw_t };
Miroslav Grepl 4fc70e
-	files_type(httpd_$1_rw_content_t)
Miroslav Grepl 4fc70e
+	type $1_rw_content_t; # customizable
Miroslav Grepl 4fc70e
+	typeattribute $1_rw_content_t httpd_content_type;
Miroslav Grepl 4fc70e
+	typealias $1_rw_content_t alias { $1_script_rw_t };
Miroslav Grepl 4fc70e
+	files_type($1_rw_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	type httpd_$1_ra_content_t, httpd_content_type; # customizable
Miroslav Grepl 4fc70e
-	typeattribute httpd_$1_ra_content_t httpd_content_type;
Miroslav Grepl 4fc70e
-	typealias httpd_$1_ra_content_t alias { httpd_$1_script_ra_t httpd_$1_content_ra_t };
Miroslav Grepl 4fc70e
-	files_type(httpd_$1_ra_content_t)
Miroslav Grepl 4fc70e
+	type $1_ra_content_t, httpd_content_type; # customizable
Miroslav Grepl 4fc70e
+	typeattribute $1_ra_content_t httpd_content_type;
Miroslav Grepl 4fc70e
+	typealias $1_ra_content_t alias { $1_script_ra_t $1_content_ra_t };
Miroslav Grepl 4fc70e
+	files_type($1_ra_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 	# Allow the script process to search the cgi directory, and users directory
Miroslav Grepl 4fc70e
-	allow httpd_$1_script_t httpd_$1_content_t:dir search_dir_perms;
Miroslav Grepl 4fc70e
+	allow $1_script_t $1_content_t:dir search_dir_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	can_exec(httpd_$1_script_t, httpd_$1_script_exec_t)
Miroslav Grepl 4fc70e
-	allow httpd_$1_script_t httpd_$1_script_exec_t:dir list_dir_perms;
Miroslav Grepl 4fc70e
+	can_exec($1_script_t, $1_script_exec_t)
Miroslav Grepl 4fc70e
+	allow $1_script_t $1_script_exec_t:dir list_dir_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow httpd_$1_script_t httpd_$1_ra_content_t:dir { list_dir_perms add_entry_dir_perms };
Miroslav Grepl 4fc70e
-	read_files_pattern(httpd_$1_script_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
Miroslav Grepl 4fc70e
-	append_files_pattern(httpd_$1_script_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
Miroslav Grepl 4fc70e
-	create_files_pattern(httpd_$1_script_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
Miroslav Grepl 4fc70e
-	read_lnk_files_pattern(httpd_$1_script_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
Miroslav Grepl 4fc70e
+	allow $1_script_t $1_ra_content_t:dir { list_dir_perms add_entry_dir_perms };
Miroslav Grepl 4fc70e
+	read_files_pattern($1_script_t, $1_ra_content_t, $1_ra_content_t)
Miroslav Grepl 4fc70e
+	append_files_pattern($1_script_t, $1_ra_content_t, $1_ra_content_t)
Miroslav Grepl 4fc70e
+	create_files_pattern($1_script_t, $1_ra_content_t, $1_ra_content_t)
Miroslav Grepl 4fc70e
+	read_lnk_files_pattern($1_script_t, $1_ra_content_t, $1_ra_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow httpd_$1_script_t httpd_$1_content_t:dir list_dir_perms;
Miroslav Grepl 4fc70e
-	read_files_pattern(httpd_$1_script_t, httpd_$1_content_t, httpd_$1_content_t)
Miroslav Grepl 4fc70e
-	read_lnk_files_pattern(httpd_$1_script_t, httpd_$1_content_t, httpd_$1_content_t)
Miroslav Grepl 4fc70e
+	allow $1_script_t $1_content_t:dir list_dir_perms;
Miroslav Grepl 4fc70e
+	read_files_pattern($1_script_t, $1_content_t, $1_content_t)
Miroslav Grepl 4fc70e
+	read_lnk_files_pattern($1_script_t, $1_content_t, $1_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	manage_dirs_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
Miroslav Grepl 4fc70e
-	manage_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
Miroslav Grepl 4fc70e
-	manage_lnk_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
Miroslav Grepl 4fc70e
-	manage_fifo_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
Miroslav Grepl 4fc70e
-	manage_sock_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
Miroslav Grepl 4fc70e
+	manage_dirs_pattern($1_script_t, $1_rw_content_t, $1_rw_content_t)
Miroslav Grepl 4fc70e
+	manage_files_pattern($1_script_t, $1_rw_content_t, $1_rw_content_t)
Miroslav Grepl 4fc70e
+	manage_lnk_files_pattern($1_script_t, $1_rw_content_t, $1_rw_content_t)
Miroslav Grepl 4fc70e
+	manage_fifo_files_pattern($1_script_t, $1_rw_content_t, $1_rw_content_t)
Miroslav Grepl 4fc70e
+	manage_sock_files_pattern($1_script_t, $1_rw_content_t, $1_rw_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 	# Allow the web server to run scripts and serve pages
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		manage_dirs_pattern(httpd_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
Miroslav Grepl 4fc70e
-		manage_files_pattern(httpd_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
Miroslav Grepl 4fc70e
-		manage_lnk_files_pattern(httpd_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
Miroslav Grepl 4fc70e
-		rw_sock_files_pattern(httpd_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
Miroslav Grepl 4fc70e
+		manage_dirs_pattern(httpd_t, $1_rw_content_t, $1_rw_content_t)
Miroslav Grepl 4fc70e
+		manage_files_pattern(httpd_t, $1_rw_content_t, $1_rw_content_t)
Miroslav Grepl 4fc70e
+		manage_lnk_files_pattern(httpd_t, $1_rw_content_t, $1_rw_content_t)
Miroslav Grepl 4fc70e
+		rw_sock_files_pattern(httpd_t, $1_rw_content_t, $1_rw_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		allow httpd_t httpd_$1_ra_content_t:dir { add_entry_dir_perms };
Miroslav Grepl 4fc70e
-		read_files_pattern(httpd_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
Miroslav Grepl 4fc70e
-		append_files_pattern(httpd_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
Miroslav Grepl 4fc70e
-		create_files_pattern(httpd_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
Miroslav Grepl 4fc70e
-		read_lnk_files_pattern(httpd_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)
Miroslav Grepl 4fc70e
+		allow httpd_t $1_ra_content_t:dir { add_entry_dir_perms };
Miroslav Grepl 4fc70e
+		read_files_pattern(httpd_t, $1_ra_content_t, $1_ra_content_t)
Miroslav Grepl 4fc70e
+		append_files_pattern(httpd_t, $1_ra_content_t, $1_ra_content_t)
Miroslav Grepl 4fc70e
+		create_files_pattern(httpd_t, $1_ra_content_t, $1_ra_content_t)
Miroslav Grepl 4fc70e
+		read_lnk_files_pattern(httpd_t, $1_ra_content_t, $1_ra_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		allow httpd_$1_script_t httpd_$1_script_exec_t:file entrypoint;
Miroslav Grepl 4fc70e
+		allow $1_script_t $1_script_exec_t:file entrypoint;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		domtrans_pattern(httpd_suexec_t, httpd_$1_script_exec_t, httpd_$1_script_t)
Miroslav Grepl 4fc70e
+		domtrans_pattern(httpd_suexec_t, $1_script_exec_t, $1_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 		# privileged users run the script:
Miroslav Grepl 4fc70e
-		domtrans_pattern(httpd_exec_scripts, httpd_$1_script_exec_t, httpd_$1_script_t)
Miroslav Grepl 4fc70e
+		domtrans_pattern(httpd_exec_scripts, $1_script_exec_t, $1_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		allow httpd_exec_scripts httpd_$1_script_exec_t:file read_file_perms;
Miroslav Grepl 4fc70e
+		allow httpd_exec_scripts $1_script_exec_t:file read_file_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 		# apache runs the script:
Miroslav Grepl 4fc70e
-		domtrans_pattern(httpd_t, httpd_$1_script_exec_t, httpd_$1_script_t)
Miroslav Grepl 4fc70e
-		allow httpd_t httpd_$1_script_t:unix_dgram_socket sendto;
Miroslav Grepl 4fc70e
+		domtrans_pattern(httpd_t, $1_script_exec_t, $1_script_t)
Miroslav Grepl 4fc70e
+		allow httpd_t $1_script_t:unix_dgram_socket sendto;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 ## <summary>
Miroslav Grepl 4fc70e
+##	Create a set of derived types for apache
Miroslav Grepl 4fc70e
+##	web content.
Miroslav Grepl 4fc70e
+## </summary>
Miroslav Grepl 4fc70e
+## <param name="prefix">
Miroslav Grepl 4fc70e
+##	<summary>
Miroslav Grepl 4fc70e
+##	The prefix to be used for deriving new type names.
Miroslav Grepl 4fc70e
+##	</summary>
Miroslav Grepl 4fc70e
+## </param>
Miroslav Grepl 4fc70e
+## <param name="oldprefix">
Miroslav Grepl 4fc70e
+##	<summary>
Miroslav Grepl 4fc70e
+##	The prefix to be used for deriving old type names.
Miroslav Grepl 4fc70e
+##	</summary>
Miroslav Grepl 4fc70e
+## </param>
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	typealias $1_htaccess_t alias httpd_$2_htaccess_t;
Miroslav Grepl 4fc70e
+	typealias $1_script_t alias httpd_$2_script_t;
Miroslav Grepl 4fc70e
+	typealias $1_script_exec_t alias httpd_$2_script_exec_t;
Miroslav Grepl 4fc70e
+	typealias $1_content_t alias httpd_$2_content_t;
Miroslav Grepl 4fc70e
+	typealias $1_rw_content_t alias httpd_$2_script_rw_content_t;
Miroslav Grepl 4fc70e
+	typealias $1_ra_content_t alias httpd_$2_script_ra_content_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+## <summary>
Miroslav Grepl 4fc70e
 ##	Role access for apache
Miroslav Grepl 4fc70e
 ## </summary>
Miroslav Grepl 4fc70e
 ## <param name="role">
Miroslav Grepl 4fc70e
diff --git a/apache.te b/apache.te
Miroslav Grepl 4fc70e
index 0e09bca..85e992e 100644
Miroslav Grepl 4fc70e
--- a/apache.te
Miroslav Grepl 4fc70e
+++ b/apache.te
Miroslav Grepl 4fc70e
@@ -370,7 +370,7 @@ type httpd_suexec_tmp_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 # setup the system domain for system CGI scripts
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 typeattribute httpd_sys_content_t httpdcontent; # customizable
Miroslav Grepl 4fc70e
 typeattribute httpd_sys_rw_content_t httpdcontent; # customizable
Miroslav Grepl 4fc70e
@@ -389,7 +389,7 @@ files_tmp_file(httpd_tmp_t)
Miroslav Grepl 4fc70e
 type httpd_tmpfs_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 typeattribute httpd_user_content_t httpdcontent;
Miroslav Grepl 4fc70e
@@ -1619,6 +1619,7 @@ allow httpd_t httpd_script_exec_type:dir list_dir_perms;
Miroslav Grepl 4fc70e
 allow httpd_script_type self:process { setsched signal_perms };
Miroslav Grepl 4fc70e
 allow httpd_script_type self:unix_stream_socket create_stream_socket_perms;
Miroslav Grepl 4fc70e
 allow httpd_script_type self:unix_dgram_socket create_socket_perms;
Miroslav Grepl 4fc70e
+allow httpd_script_type httpd_t:unix_stream_socket rw_stream_socket_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 allow httpd_script_type httpd_t:fd use;
Miroslav Grepl 4fc70e
 allow httpd_script_type httpd_t:process sigchld;
Miroslav Grepl 4fc70e
diff --git a/apcupsd.fc b/apcupsd.fc
Miroslav Grepl 4fc70e
index 1c37fe1..274704f 100644
Miroslav Grepl 4fc70e
--- a/apcupsd.fc
Miroslav Grepl 4fc70e
+++ b/apcupsd.fc
Miroslav Grepl 4fc70e
@@ -14,8 +14,8 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/run/apcupsd\.pid	--	gen_context(system_u:object_r:apcupsd_var_run_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/var/www/apcupsd/multimon\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/var/www/apcupsd/upsfstats\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/var/www/apcupsd/upsimage\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/var/www/apcupsd/upsstats\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/var/www/cgi-bin/apcgui(/.*)?	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/apcupsd/multimon\.cgi	--	gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/apcupsd/upsfstats\.cgi	--	gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/apcupsd/upsimage\.cgi	--	gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/apcupsd/upsstats\.cgi	--	gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/cgi-bin/apcgui(/.*)?	gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
diff --git a/apcupsd.if b/apcupsd.if
Miroslav Grepl 4fc70e
index b6afc90..9c06313 100644
Miroslav Grepl 4fc70e
--- a/apcupsd.if
Miroslav Grepl 4fc70e
+++ b/apcupsd.if
Miroslav Grepl 4fc70e
@@ -102,7 +102,7 @@ interface(`apcupsd_append_log',`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 ## <summary>
Miroslav Grepl 4fc70e
 ##	Execute a domain transition to
Miroslav Grepl 4fc70e
-##	run httpd_apcupsd_cgi_script.
Miroslav Grepl 4fc70e
+##	run apcupsd_cgi_script.
Miroslav Grepl 4fc70e
 ## </summary>
Miroslav Grepl 4fc70e
 ## <param name="domain">
Miroslav Grepl 4fc70e
 ## <summary>
Miroslav Grepl 4fc70e
@@ -112,11 +112,11 @@ interface(`apcupsd_append_log',`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		type httpd_apcupsd_cgi_script_t, httpd_apcupsd_cgi_script_exec_t;
Miroslav Grepl 4fc70e
+		type apcupsd_cgi_script_t, apcupsd_cgi_script_exec_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	domtrans_pattern($1, httpd_apcupsd_cgi_script_exec_t, httpd_apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
+	domtrans_pattern($1, apcupsd_cgi_script_exec_t, apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/apcupsd.te b/apcupsd.te
Miroslav Grepl 4fc70e
index b4c43c7..11c215a 100644
Miroslav Grepl 4fc70e
--- a/apcupsd.te
Miroslav Grepl 4fc70e
+++ b/apcupsd.te
Miroslav Grepl 4fc70e
@@ -116,19 +116,20 @@ optional_policy(`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow httpd_apcupsd_cgi_script_t self:tcp_socket create_stream_socket_perms;
Miroslav Grepl 4fc70e
-	allow httpd_apcupsd_cgi_script_t self:udp_socket create_socket_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	corenet_all_recvfrom_netlabel(httpd_apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_sendrecv_generic_if(httpd_apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_sendrecv_generic_node(httpd_apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_sendrecv_apcupsd_client_packets(httpd_apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_connect_apcupsd_port(httpd_apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_udp_sendrecv_generic_if(httpd_apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_udp_sendrecv_generic_node(httpd_apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_udp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	sysnet_dns_name_resolve(httpd_apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
+	apache_content_alias_template(apcupsd_cgi, apcupsd_cgi)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	allow apcupsd_cgi_script_t self:tcp_socket create_stream_socket_perms;
Miroslav Grepl 4fc70e
+	allow apcupsd_cgi_script_t self:udp_socket create_socket_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	corenet_all_recvfrom_netlabel(apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_sendrecv_generic_if(apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_sendrecv_generic_node(apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_sendrecv_all_ports(apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_sendrecv_apcupsd_client_packets(apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_connect_apcupsd_port(apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_udp_sendrecv_generic_if(apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_udp_sendrecv_generic_node(apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_udp_sendrecv_all_ports(apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	sysnet_dns_name_resolve(apcupsd_cgi_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/awstats.fc b/awstats.fc
Miroslav Grepl 4fc70e
index 11e6d5f..73b4ea4 100644
Miroslav Grepl 4fc70e
--- a/awstats.fc
Miroslav Grepl 4fc70e
+++ b/awstats.fc
Miroslav Grepl 4fc70e
@@ -1,5 +1,5 @@
Miroslav Grepl 4fc70e
 /usr/share/awstats/tools/.+\.pl	--	gen_context(system_u:object_r:awstats_exec_t,s0)
Miroslav Grepl 4fc70e
-/usr/share/awstats/wwwroot(/.*)?	gen_context(system_u:object_r:httpd_awstats_content_t,s0)
Miroslav Grepl 4fc70e
-/usr/share/awstats/wwwroot/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_awstats_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/awstats/wwwroot(/.*)?	gen_context(system_u:object_r:awstats_content_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/awstats/wwwroot/cgi-bin(/.*)?	gen_context(system_u:object_r:awstats_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/lib/awstats(/.*)?	gen_context(system_u:object_r:awstats_var_lib_t,s0)
Miroslav Grepl 4fc70e
diff --git a/awstats.te b/awstats.te
Miroslav Grepl 4fc70e
index c222135..ffbf2cb 100644
Miroslav Grepl 4fc70e
--- a/awstats.te
Miroslav Grepl 4fc70e
+++ b/awstats.te
Miroslav Grepl 4fc70e
@@ -26,6 +26,7 @@ type awstats_var_lib_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+apache_content_alias_template(awstats, awstats)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
@@ -40,9 +41,9 @@ files_tmp_filetrans(awstats_t, awstats_tmp_t, { dir file })
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 manage_files_pattern(awstats_t, awstats_var_lib_t, awstats_var_lib_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-allow awstats_t { httpd_awstats_content_t  httpd_awstats_script_exec_t }:dir search_dir_perms;
Miroslav Grepl 4fc70e
+allow awstats_t { awstats_content_t  awstats_script_exec_t }:dir search_dir_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-can_exec(awstats_t, { awstats_exec_t httpd_awstats_script_exec_t })
Miroslav Grepl 4fc70e
+can_exec(awstats_t, { awstats_exec_t awstats_script_exec_t })
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
@@ -86,13 +87,13 @@ optional_policy(`
Miroslav Grepl 4fc70e
 # CGI local policy
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-manage_dirs_pattern(httpd_awstats_script_t, awstats_tmp_t, awstats_tmp_t)
Miroslav Grepl 4fc70e
-manage_files_pattern(httpd_awstats_script_t, awstats_tmp_t, awstats_tmp_t)
Miroslav Grepl 4fc70e
-files_tmp_filetrans(httpd_awstats_script_t, awstats_tmp_t, { dir file })
Miroslav Grepl 4fc70e
+manage_dirs_pattern(awstats_script_t, awstats_tmp_t, awstats_tmp_t)
Miroslav Grepl 4fc70e
+manage_files_pattern(awstats_script_t, awstats_tmp_t, awstats_tmp_t)
Miroslav Grepl 4fc70e
+files_tmp_filetrans(awstats_script_t, awstats_tmp_t, { dir file })
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-allow httpd_awstats_script_t awstats_var_lib_t:dir list_dir_perms;
Miroslav Grepl 4fc70e
+allow awstats_script_t awstats_var_lib_t:dir list_dir_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-read_files_pattern(httpd_awstats_script_t, awstats_var_lib_t, awstats_var_lib_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+read_files_pattern(awstats_script_t, awstats_var_lib_t, awstats_var_lib_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/bugzilla.fc b/bugzilla.fc
Miroslav Grepl 4fc70e
index fb6e397..9efceac 100644
Miroslav Grepl 4fc70e
--- a/bugzilla.fc
Miroslav Grepl 4fc70e
+++ b/bugzilla.fc
Miroslav Grepl 4fc70e
@@ -1,4 +1,4 @@
Miroslav Grepl 4fc70e
-/usr/share/bugzilla(/.*)?		gen_context(system_u:object_r:httpd_bugzilla_content_t,s0)
Miroslav Grepl 4fc70e
-/usr/share/bugzilla/.*\.cgi	--	gen_context(system_u:object_r:httpd_bugzilla_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/bugzilla(/.*)?		gen_context(system_u:object_r:bugzilla_content_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/bugzilla/.*\.cgi	--	gen_context(system_u:object_r:bugzilla_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/var/lib/bugzilla(/.*)?	gen_context(system_u:object_r:httpd_bugzilla_rw_content_t,s0)
Miroslav Grepl 4fc70e
+/var/lib/bugzilla(/.*)?	gen_context(system_u:object_r:bugzilla_rw_content_t,s0)
Miroslav Grepl 4fc70e
diff --git a/bugzilla.if b/bugzilla.if
Miroslav Grepl 4fc70e
index bf0cefa..d9ea246 100644
Miroslav Grepl 4fc70e
--- a/bugzilla.if
Miroslav Grepl 4fc70e
+++ b/bugzilla.if
Miroslav Grepl 4fc70e
@@ -12,10 +12,10 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		type httpd_bugzilla_content_t;
Miroslav Grepl 4fc70e
+		type bugzilla_content_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow $1 httpd_bugzilla_content_t:dir search_dir_perms;
Miroslav Grepl 4fc70e
+	allow $1 bugzilla_content_t:dir search_dir_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
@@ -32,10 +32,10 @@ interface(`bugzilla_search_content',`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		type httpd_bugzilla_script_t;
Miroslav Grepl 4fc70e
+		type bugzilla_script_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	dontaudit $1 httpd_bugzilla_script_t:unix_stream_socket { read write };
Miroslav Grepl 4fc70e
+	dontaudit $1 bugzilla_script_t:unix_stream_socket { read write };
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
@@ -51,32 +51,32 @@ interface(`bugzilla_dontaudit_rw_stream_sockets',`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		type httpd_bugzilla_script_t, httpd_bugzilla_content_t, httpd_bugzilla_ra_content_t;
Miroslav Grepl 4fc70e
-		type httpd_bugzilla_rw_content_t, httpd_bugzilla_script_exec_t;
Miroslav Grepl 4fc70e
-		type httpd_bugzilla_htaccess_t, httpd_bugzilla_tmp_t;
Miroslav Grepl 4fc70e
+		type bugzilla_script_t, bugzilla_content_t, bugzilla_ra_content_t;
Miroslav Grepl 4fc70e
+		type bugzilla_rw_content_t, bugzilla_script_exec_t;
Miroslav Grepl 4fc70e
+		type bugzilla_htaccess_t, bugzilla_tmp_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow $1 httpd_bugzilla_script_t:process signal_perms;
Miroslav Grepl 4fc70e
-	ps_process_pattern($1, httpd_bugzilla_script_t)
Miroslav Grepl 4fc70e
+	allow $1 bugzilla_script_t:process signal_perms;
Miroslav Grepl 4fc70e
+	ps_process_pattern($1, bugzilla_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		allow $1 httpd_bugzilla_script_t:process ptrace;
Miroslav Grepl 4fc70e
+		allow $1 bugzilla_script_t:process ptrace;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	admin_pattern($1, httpd_bugzilla_tmp_t)
Miroslav Grepl 4fc70e
+	admin_pattern($1, bugzilla_tmp_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	files_list_var_lib(httpd_bugzilla_script_t)
Miroslav Grepl 4fc70e
+	files_list_var_lib(bugzilla_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	admin_pattern($1, httpd_bugzilla_script_exec_t)
Miroslav Grepl 4fc70e
-	admin_pattern($1, httpd_bugzilla_script_t)
Miroslav Grepl 4fc70e
-	admin_pattern($1, httpd_bugzilla_content_t)
Miroslav Grepl 4fc70e
-	admin_pattern($1, httpd_bugzilla_htaccess_t)
Miroslav Grepl 4fc70e
-	admin_pattern($1, httpd_bugzilla_ra_content_t)
Miroslav Grepl 4fc70e
+	admin_pattern($1, bugzilla_script_exec_t)
Miroslav Grepl 4fc70e
+	admin_pattern($1, bugzilla_script_t)
Miroslav Grepl 4fc70e
+	admin_pattern($1, bugzilla_content_t)
Miroslav Grepl 4fc70e
+	admin_pattern($1, bugzilla_htaccess_t)
Miroslav Grepl 4fc70e
+	admin_pattern($1, bugzilla_ra_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	admin_pattern($1, httpd_bugzilla_rw_content_t)
Miroslav Grepl 4fc70e
+	admin_pattern($1, bugzilla_rw_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/bugzilla.te b/bugzilla.te
Miroslav Grepl 4fc70e
index d9f3061..c62f617 100644
Miroslav Grepl 4fc70e
--- a/bugzilla.te
Miroslav Grepl 4fc70e
+++ b/bugzilla.te
Miroslav Grepl 4fc70e
@@ -6,54 +6,55 @@ policy_module(bugzilla, 1.1.0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+apache_content_alias_template(bugzilla, bugzilla)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-type httpd_bugzilla_tmp_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+type bugzilla_tmp_t alias httpd_bugzilla_tmp_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 # Local policy
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-allow httpd_bugzilla_script_t self:tcp_socket { accept listen };
Miroslav Grepl 4fc70e
+allow bugzilla_script_t self:tcp_socket { accept listen };
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-manage_dirs_pattern(httpd_bugzilla_script_t, httpd_bugzilla_tmp_t, httpd_bugzilla_tmp_t)
Miroslav Grepl 4fc70e
-manage_files_pattern(httpd_bugzilla_script_t, httpd_bugzilla_tmp_t, httpd_bugzilla_tmp_t)
Miroslav Grepl 4fc70e
-files_tmp_filetrans(httpd_bugzilla_script_t, httpd_bugzilla_tmp_t, { file dir })
Miroslav Grepl 4fc70e
+manage_dirs_pattern(bugzilla_script_t, bugzilla_tmp_t, bugzilla_tmp_t)
Miroslav Grepl 4fc70e
+manage_files_pattern(bugzilla_script_t, bugzilla_tmp_t, bugzilla_tmp_t)
Miroslav Grepl 4fc70e
+files_tmp_filetrans(bugzilla_script_t, bugzilla_tmp_t, { file dir })
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	mta_send_mail(httpd_bugzilla_script_t)
Miroslav Grepl 4fc70e
+	mta_send_mail(bugzilla_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	mysql_stream_connect(httpd_bugzilla_script_t)
Miroslav Grepl 4fc70e
-	mysql_tcp_connect(httpd_bugzilla_script_t)
Miroslav Grepl 4fc70e
+	mysql_stream_connect(bugzilla_script_t)
Miroslav Grepl 4fc70e
+	mysql_tcp_connect(bugzilla_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	postgresql_stream_connect(httpd_bugzilla_script_t)
Miroslav Grepl 4fc70e
-	postgresql_tcp_connect(httpd_bugzilla_script_t)
Miroslav Grepl 4fc70e
+	postgresql_stream_connect(bugzilla_script_t)
Miroslav Grepl 4fc70e
+	postgresql_tcp_connect(bugzilla_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/collectd.fc b/collectd.fc
Miroslav Grepl 4fc70e
index 2e7d7ed..8d70290 100644
Miroslav Grepl 4fc70e
--- a/collectd.fc
Miroslav Grepl 4fc70e
+++ b/collectd.fc
Miroslav Grepl 4fc70e
@@ -8,4 +8,4 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/run/collectd\.pid	--	gen_context(system_u:object_r:collectd_var_run_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/share/collectd/collection3/bin/.*\.cgi	--	gen_context(system_u:object_r:httpd_collectd_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/collectd/collection3/bin/.*\.cgi	--	gen_context(system_u:object_r:collectd_script_exec_t,s0)
Miroslav Grepl 4fc70e
diff --git a/collectd.te b/collectd.te
Miroslav Grepl 4fc70e
index dc0423c..d078b96 100644
Miroslav Grepl 4fc70e
--- a/collectd.te
Miroslav Grepl 4fc70e
+++ b/collectd.te
Miroslav Grepl 4fc70e
@@ -30,9 +30,10 @@ type collectd_unit_file_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+apache_content_alias_template(collectd, collectd)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-type httpd_collectd_script_tmp_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+type collectd_script_tmp_t alias httpd_collectd_script_tmp_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
@@ -102,13 +103,13 @@ optional_policy(`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-read_files_pattern(httpd_collectd_script_t, collectd_var_lib_t, collectd_var_lib_t)
Miroslav Grepl 4fc70e
-list_dirs_pattern(httpd_collectd_script_t, collectd_var_lib_t, collectd_var_lib_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+read_files_pattern(collectd_script_t, collectd_var_lib_t, collectd_var_lib_t)
Miroslav Grepl 4fc70e
+list_dirs_pattern(collectd_script_t, collectd_var_lib_t, collectd_var_lib_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-manage_dirs_pattern(httpd_collectd_script_t, httpd_collectd_script_tmp_t, httpd_collectd_script_tmp_t)
Miroslav Grepl 4fc70e
-manage_files_pattern(httpd_collectd_script_t, httpd_collectd_script_tmp_t, httpd_collectd_script_tmp_t)
Miroslav Grepl 4fc70e
-files_tmp_filetrans(httpd_collectd_script_t, httpd_collectd_script_tmp_t, { file dir })	
Miroslav Grepl 4fc70e
+manage_dirs_pattern(collectd_script_t, collectd_script_tmp_t, collectd_script_tmp_t)
Miroslav Grepl 4fc70e
+manage_files_pattern(collectd_script_t, collectd_script_tmp_t, collectd_script_tmp_t)
Miroslav Grepl 4fc70e
+files_tmp_filetrans(collectd_script_t, collectd_script_tmp_t, { file dir })	
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/cvs.fc b/cvs.fc
Miroslav Grepl 4fc70e
index 75c8be9..e07e602 100644
Miroslav Grepl 4fc70e
--- a/cvs.fc
Miroslav Grepl 4fc70e
+++ b/cvs.fc
Miroslav Grepl 4fc70e
@@ -4,10 +4,10 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /usr/bin/cvs	--	gen_context(system_u:object_r:cvs_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/share/cvsweb/cvsweb\.cgi	--	gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/cvsweb/cvsweb\.cgi	--	gen_context(system_u:object_r:cvs_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/cvs(/.*)?	gen_context(system_u:object_r:cvs_data_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/run/cvs\.pid	--	gen_context(system_u:object_r:cvs_var_run_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/var/www/cgi-bin/cvsweb\.cgi	--	gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/cgi-bin/cvsweb\.cgi	--	gen_context(system_u:object_r:cvs_script_exec_t,s0)
Miroslav Grepl 4fc70e
diff --git a/cvs.te b/cvs.te
Miroslav Grepl 4fc70e
index f98a932..c3502c3 100644
Miroslav Grepl 4fc70e
--- a/cvs.te
Miroslav Grepl 4fc70e
+++ b/cvs.te
Miroslav Grepl 4fc70e
@@ -125,9 +125,10 @@ optional_policy(`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	apache_content_alias_template(cvs, cvs)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)
Miroslav Grepl 4fc70e
-	manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
Miroslav Grepl 4fc70e
-	manage_files_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
Miroslav Grepl 4fc70e
-	files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
Miroslav Grepl 4fc70e
+	read_files_pattern(cvs_script_t, cvs_data_t, cvs_data_t)
Miroslav Grepl 4fc70e
+	manage_dirs_pattern(cvs_script_t, cvs_tmp_t, cvs_tmp_t)
Miroslav Grepl 4fc70e
+	manage_files_pattern(cvs_script_t, cvs_tmp_t, cvs_tmp_t)
Miroslav Grepl 4fc70e
+	files_tmp_filetrans(cvs_script_t, cvs_tmp_t, { file dir })
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/dirsrv-admin.fc b/dirsrv-admin.fc
Miroslav Grepl 4fc70e
index 8c44697..5e44c5e 100644
Miroslav Grepl 4fc70e
--- a/dirsrv-admin.fc
Miroslav Grepl 4fc70e
+++ b/dirsrv-admin.fc
Miroslav Grepl 4fc70e
@@ -6,8 +6,8 @@
Miroslav Grepl 4fc70e
 /usr/sbin/start-ds-admin	--	gen_context(system_u:object_r:dirsrvadmin_exec_t,s0)
Miroslav Grepl 4fc70e
 /usr/sbin/stop-ds-admin		--	gen_context(system_u:object_r:dirsrvadmin_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/lib/dirsrv/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_dirsrvadmin_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/usr/lib/dirsrv/dsgw-cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_dirsrvadmin_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/dirsrv/cgi-bin(/.*)?	gen_context(system_u:object_r:dirsrvadmin_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/dirsrv/dsgw-cgi-bin(/.*)?	gen_context(system_u:object_r:dirsrvadmin_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /usr/lib/dirsrv/cgi-bin/ds_create    --  gen_context(system_u:object_r:dirsrvadmin_unconfined_script_exec_t,s0)
Miroslav Grepl 4fc70e
 /usr/lib/dirsrv/cgi-bin/ds_remove    --  gen_context(system_u:object_r:dirsrvadmin_unconfined_script_exec_t,s0)
Miroslav Grepl 4fc70e
diff --git a/dirsrv-admin.if b/dirsrv-admin.if
Miroslav Grepl 4fc70e
index 30416f2..e360d38 100644
Miroslav Grepl 4fc70e
--- a/dirsrv-admin.if
Miroslav Grepl 4fc70e
+++ b/dirsrv-admin.if
Miroslav Grepl 4fc70e
@@ -29,13 +29,13 @@ interface(`dirsrvadmin_run_exec',`
Miroslav Grepl 4fc70e
 ##	</summary>
Miroslav Grepl 4fc70e
 ## </param>
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		type httpd_dirsrvadmin_script_exec_t;
Miroslav Grepl 4fc70e
+		type dirsrvadmin_script_exec_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow $1 httpd_dirsrvadmin_script_exec_t:dir search_dir_perms;
Miroslav Grepl 4fc70e
-	can_exec($1, httpd_dirsrvadmin_script_exec_t)
Miroslav Grepl 4fc70e
+	allow $1 dirsrvadmin_script_exec_t:dir search_dir_perms;
Miroslav Grepl 4fc70e
+	can_exec($1, dirsrvadmin_script_exec_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/dirsrv-admin.te b/dirsrv-admin.te
Miroslav Grepl 4fc70e
index 021c5ae..37afbd4 100644
Miroslav Grepl 4fc70e
--- a/dirsrv-admin.te
Miroslav Grepl 4fc70e
+++ b/dirsrv-admin.te
Miroslav Grepl 4fc70e
@@ -70,59 +70,60 @@ optional_policy(`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	apache_content_alias_template(dirsrvadmin, dirsrvadmin)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow httpd_dirsrvadmin_script_t self:process { getsched getpgid };
Miroslav Grepl 4fc70e
-	allow httpd_dirsrvadmin_script_t self:capability { fowner fsetid setuid net_bind_service setgid chown sys_nice kill dac_read_search dac_override };
Miroslav Grepl 4fc70e
-	allow httpd_dirsrvadmin_script_t self:tcp_socket create_stream_socket_perms;
Miroslav Grepl 4fc70e
-	allow httpd_dirsrvadmin_script_t self:udp_socket create_socket_perms;
Miroslav Grepl 4fc70e
-	allow httpd_dirsrvadmin_script_t self:unix_dgram_socket create_socket_perms;
Miroslav Grepl 4fc70e
-	allow httpd_dirsrvadmin_script_t self:netlink_route_socket r_netlink_socket_perms;
Miroslav Grepl 4fc70e
-	allow httpd_dirsrvadmin_script_t self:sem create_sem_perms;
Miroslav Grepl 4fc70e
+	allow dirsrvadmin_script_t self:process { getsched getpgid };
Miroslav Grepl 4fc70e
+	allow dirsrvadmin_script_t self:capability { fowner fsetid setuid net_bind_service setgid chown sys_nice kill dac_read_search dac_override };
Miroslav Grepl 4fc70e
+	allow dirsrvadmin_script_t self:tcp_socket create_stream_socket_perms;
Miroslav Grepl 4fc70e
+	allow dirsrvadmin_script_t self:udp_socket create_socket_perms;
Miroslav Grepl 4fc70e
+	allow dirsrvadmin_script_t self:unix_dgram_socket create_socket_perms;
Miroslav Grepl 4fc70e
+	allow dirsrvadmin_script_t self:netlink_route_socket r_netlink_socket_perms;
Miroslav Grepl 4fc70e
+	allow dirsrvadmin_script_t self:sem create_sem_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	manage_files_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_lock_t, dirsrvadmin_lock_t)
Miroslav Grepl 4fc70e
-	files_lock_filetrans(httpd_dirsrvadmin_script_t, dirsrvadmin_lock_t, { file })
Miroslav Grepl 4fc70e
+	manage_files_pattern(dirsrvadmin_script_t, dirsrvadmin_lock_t, dirsrvadmin_lock_t)
Miroslav Grepl 4fc70e
+	files_lock_filetrans(dirsrvadmin_script_t, dirsrvadmin_lock_t, { file })
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	kernel_read_kernel_sysctls(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+	kernel_read_kernel_sysctls(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	corenet_tcp_bind_generic_node(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-	corenet_udp_bind_generic_node(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-	corenet_all_recvfrom_netlabel(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_bind_generic_node(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+	corenet_udp_bind_generic_node(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+	corenet_all_recvfrom_netlabel(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	corenet_tcp_bind_http_port(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_connect_generic_port(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_connect_ldap_port(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_connect_http_port(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_bind_http_port(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_connect_generic_port(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_connect_ldap_port(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_connect_http_port(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	files_search_var_lib(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+	files_search_var_lib(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	sysnet_read_config(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+	sysnet_read_config(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	manage_files_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
Miroslav Grepl 4fc70e
-	manage_dirs_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
Miroslav Grepl 4fc70e
-	files_tmp_filetrans(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, { file dir })
Miroslav Grepl 4fc70e
+	manage_files_pattern(dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
Miroslav Grepl 4fc70e
+	manage_dirs_pattern(dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
Miroslav Grepl 4fc70e
+	files_tmp_filetrans(dirsrvadmin_script_t, dirsrvadmin_tmp_t, { file dir })
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		apache_read_modules(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-		apache_read_config(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-		apache_signal(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-		apache_signull(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		apache_read_modules(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		apache_read_config(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		apache_signal(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		apache_signull(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 		# The CGI scripts must be able to manage dirsrv-admin
Miroslav Grepl 4fc70e
-		dirsrvadmin_run_exec(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-		dirsrvadmin_manage_config(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-		dirsrv_domtrans(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-		dirsrv_signal(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-		dirsrv_signull(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-		dirsrv_manage_log(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-		dirsrv_manage_var_lib(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-		dirsrv_pid_filetrans(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-		dirsrv_manage_var_run(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-		dirsrv_manage_config(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
-		dirsrv_read_share(httpd_dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		dirsrvadmin_run_exec(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		dirsrvadmin_manage_config(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		dirsrv_domtrans(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		dirsrv_signal(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		dirsrv_signull(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		dirsrv_manage_log(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		dirsrv_manage_var_lib(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		dirsrv_pid_filetrans(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		dirsrv_manage_var_run(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		dirsrv_manage_config(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
+		dirsrv_read_share(dirsrvadmin_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/dspam.fc b/dspam.fc
Miroslav Grepl 4fc70e
index 3ea0423..b5fcb77 100644
Miroslav Grepl 4fc70e
--- a/dspam.fc
Miroslav Grepl 4fc70e
+++ b/dspam.fc
Miroslav Grepl 4fc70e
@@ -2,7 +2,7 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /usr/bin/dspam	--	gen_context(system_u:object_r:dspam_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/share/dspam-web/dspam\.cgi	--	gen_context(system_u:object_r:httpd_dspam_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/dspam-web/dspam\.cgi	--	gen_context(system_u:object_r:dspam_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/lib/dspam(/.*)?	gen_context(system_u:object_r:dspam_var_lib_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
@@ -11,7 +11,7 @@
Miroslav Grepl 4fc70e
 /var/run/dspam(/.*)?	gen_context(system_u:object_r:dspam_var_run_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 # web
Miroslav Grepl 4fc70e
-/var/www/dspam/.*\.cgi 	--	gen_context(system_u:object_r:httpd_dspam_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/var/www/dspam(/.*?)		gen_context(system_u:object_r:httpd_dspam_content_t,s0)
Miroslav Grepl 4fc70e
+/var/www/dspam/.*\.cgi 	--	gen_context(system_u:object_r:dspam_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/dspam(/.*?)		gen_context(system_u:object_r:dspam_content_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/var/lib/dspam/data(/.*)?			gen_context(system_u:object_r:httpd_dspam_rw_content_t,s0)
Miroslav Grepl 4fc70e
+/var/lib/dspam/data(/.*)?			gen_context(system_u:object_r:dspam_rw_content_t,s0)
Miroslav Grepl 4fc70e
diff --git a/dspam.te b/dspam.te
Miroslav Grepl 4fc70e
index 37c844b..1ec4d89 100644
Miroslav Grepl 4fc70e
--- a/dspam.te
Miroslav Grepl 4fc70e
+++ b/dspam.te
Miroslav Grepl 4fc70e
@@ -75,29 +75,27 @@ logging_send_syslog_msg(dspam_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	apache_content_alias_template(dspam, dspam)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	read_files_pattern(httpd_dspam_script_t, dspam_var_lib_t, dspam_var_lib_t)
Miroslav Grepl 4fc70e
+	read_files_pattern(dspam_script_t, dspam_var_lib_t, dspam_var_lib_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	files_search_var_lib(httpd_dspam_script_t)
Miroslav Grepl 4fc70e
-	list_dirs_pattern(dspam_t, httpd_dspam_content_t, httpd_dspam_content_t)
Miroslav Grepl 4fc70e
-	manage_dirs_pattern(dspam_t, httpd_dspam_content_rw_t, httpd_dspam_content_rw_t)
Miroslav Grepl 4fc70e
-	manage_files_pattern(dspam_t, httpd_dspam_content_rw_t, httpd_dspam_content_rw_t)
Miroslav Grepl 4fc70e
+	files_search_var_lib(dspam_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	domain_dontaudit_read_all_domains_state(httpd_dspam_script_t)
Miroslav Grepl 4fc70e
+	domain_dontaudit_read_all_domains_state(dspam_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	term_dontaudit_search_ptys(httpd_dspam_script_t)
Miroslav Grepl 4fc70e
-	term_dontaudit_getattr_all_ttys(httpd_dspam_script_t)
Miroslav Grepl 4fc70e
-	term_dontaudit_getattr_all_ptys(httpd_dspam_script_t)
Miroslav Grepl 4fc70e
+	term_dontaudit_search_ptys(dspam_script_t)
Miroslav Grepl 4fc70e
+	term_dontaudit_getattr_all_ttys(dspam_script_t)
Miroslav Grepl 4fc70e
+	term_dontaudit_getattr_all_ptys(dspam_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	init_read_utmp(httpd_dspam_script_t)
Miroslav Grepl 4fc70e
+	init_read_utmp(dspam_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	logging_send_syslog_msg(httpd_dspam_script_t)
Miroslav Grepl 4fc70e
+	logging_send_syslog_msg(dspam_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	mta_send_mail(httpd_dspam_script_t)
Miroslav Grepl 4fc70e
+	mta_send_mail(dspam_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	    mysql_tcp_connect(httpd_dspam_script_t)
Miroslav Grepl 4fc70e
-	    mysql_stream_connect(httpd_dspam_script_t)
Miroslav Grepl 4fc70e
+	    mysql_tcp_connect(dspam_script_t)
Miroslav Grepl 4fc70e
+	    mysql_stream_connect(dspam_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/git.fc b/git.fc
Miroslav Grepl 4fc70e
index 24700f8..6561d56 100644
Miroslav Grepl 4fc70e
--- a/git.fc
Miroslav Grepl 4fc70e
+++ b/git.fc
Miroslav Grepl 4fc70e
@@ -2,12 +2,12 @@ HOME_DIR/public_git(/.*)?	gen_context(system_u:object_r:git_user_content_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /usr/libexec/git-core/git-daemon	--	gen_context(system_u:object_r:gitd_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/var/cache/cgit(/.*)?	gen_context(system_u:object_r:httpd_git_rw_content_t,s0)
Miroslav Grepl 4fc70e
-/var/cache/gitweb-caching(/.*)?	gen_context(system_u:object_r:httpd_git_rw_content_t,s0)
Miroslav Grepl 4fc70e
+/var/cache/cgit(/.*)?	gen_context(system_u:object_r:git_rw_content_t,s0)
Miroslav Grepl 4fc70e
+/var/cache/gitweb-caching(/.*)?	gen_context(system_u:object_r:git_rw_content_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/lib/git(/.*)?	gen_context(system_u:object_r:git_sys_content_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/var/www/cgi-bin/cgit	--	gen_context(system_u:object_r:httpd_git_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/var/www/git(/.*)?	gen_context(system_u:object_r:httpd_git_content_t,s0)
Miroslav Grepl 4fc70e
-/var/www/git/gitweb\.cgi	--	gen_context(system_u:object_r:httpd_git_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/var/www/gitweb-caching/gitweb\.cgi	--	gen_context(system_u:object_r:httpd_git_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/cgi-bin/cgit	--	gen_context(system_u:object_r:git_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/git(/.*)?	gen_context(system_u:object_r:git_content_t,s0)
Miroslav Grepl 4fc70e
+/var/www/git/gitweb\.cgi	--	gen_context(system_u:object_r:git_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/gitweb-caching/gitweb\.cgi	--	gen_context(system_u:object_r:git_script_exec_t,s0)
Miroslav Grepl 4fc70e
diff --git a/git.te b/git.te
Miroslav Grepl 4fc70e
index 2609364..d3caffa 100644
Miroslav Grepl 4fc70e
--- a/git.te
Miroslav Grepl 4fc70e
+++ b/git.te
Miroslav Grepl 4fc70e
@@ -75,6 +75,7 @@ attribute git_daemon;
Miroslav Grepl 4fc70e
 attribute_role git_session_roles;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+apache_content_alias_template(git, git)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 type git_system_t, git_daemon;
Miroslav Grepl 4fc70e
 type gitd_exec_t;
Miroslav Grepl 4fc70e
@@ -210,48 +211,48 @@ tunable_policy(`git_system_use_nfs',`
Miroslav Grepl 4fc70e
 # CGI policy
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-list_dirs_pattern(httpd_git_script_t, { git_sys_content_t git_user_content_t }, { git_sys_content_t git_user_content_t })
Miroslav Grepl 4fc70e
-read_files_pattern(httpd_git_script_t, { git_sys_content_t git_user_content_t }, { git_sys_content_t git_user_content_t })
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+list_dirs_pattern(git_script_t, { git_sys_content_t git_user_content_t }, { git_sys_content_t git_user_content_t })
Miroslav Grepl 4fc70e
+read_files_pattern(git_script_t, { git_sys_content_t git_user_content_t }, { git_sys_content_t git_user_content_t })
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	userdom_search_user_home_dirs(httpd_git_script_t)
Miroslav Grepl 4fc70e
+	userdom_search_user_home_dirs(git_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 tunable_policy(`git_cgi_enable_homedirs && use_nfs_home_dirs',`
Miroslav Grepl 4fc70e
-	fs_getattr_nfs(httpd_git_script_t)
Miroslav Grepl 4fc70e
-	fs_list_nfs(httpd_git_script_t)
Miroslav Grepl 4fc70e
-	fs_read_nfs_files(httpd_git_script_t)
Miroslav Grepl 4fc70e
+	fs_getattr_nfs(git_script_t)
Miroslav Grepl 4fc70e
+	fs_list_nfs(git_script_t)
Miroslav Grepl 4fc70e
+	fs_read_nfs_files(git_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	fs_dontaudit_read_nfs_files(httpd_git_script_t)
Miroslav Grepl 4fc70e
+	fs_dontaudit_read_nfs_files(git_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 tunable_policy(`git_cgi_enable_homedirs && use_samba_home_dirs',`
Miroslav Grepl 4fc70e
-	fs_getattr_cifs(httpd_git_script_t)
Miroslav Grepl 4fc70e
-	fs_list_cifs(httpd_git_script_t)
Miroslav Grepl 4fc70e
-	fs_read_cifs_files(httpd_git_script_t)
Miroslav Grepl 4fc70e
+	fs_getattr_cifs(git_script_t)
Miroslav Grepl 4fc70e
+	fs_list_cifs(git_script_t)
Miroslav Grepl 4fc70e
+	fs_read_cifs_files(git_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	fs_dontaudit_read_cifs_files(httpd_git_script_t)
Miroslav Grepl 4fc70e
+	fs_dontaudit_read_cifs_files(git_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	fs_getattr_cifs(httpd_git_script_t)
Miroslav Grepl 4fc70e
-	fs_list_cifs(httpd_git_script_t)
Miroslav Grepl 4fc70e
-	fs_read_cifs_files(httpd_git_script_t)
Miroslav Grepl 4fc70e
+	fs_getattr_cifs(git_script_t)
Miroslav Grepl 4fc70e
+	fs_list_cifs(git_script_t)
Miroslav Grepl 4fc70e
+	fs_read_cifs_files(git_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	fs_dontaudit_read_cifs_files(httpd_git_script_t)
Miroslav Grepl 4fc70e
+	fs_dontaudit_read_cifs_files(git_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	fs_getattr_nfs(httpd_git_script_t)
Miroslav Grepl 4fc70e
-	fs_list_nfs(httpd_git_script_t)
Miroslav Grepl 4fc70e
-	fs_read_nfs_files(httpd_git_script_t)
Miroslav Grepl 4fc70e
+	fs_getattr_nfs(git_script_t)
Miroslav Grepl 4fc70e
+	fs_list_nfs(git_script_t)
Miroslav Grepl 4fc70e
+	fs_read_nfs_files(git_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	fs_dontaudit_read_nfs_files(httpd_git_script_t)
Miroslav Grepl 4fc70e
+	fs_dontaudit_read_nfs_files(git_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/lightsquid.fc b/lightsquid.fc
Miroslav Grepl 4fc70e
index 044390c..63e2058 100644
Miroslav Grepl 4fc70e
--- a/lightsquid.fc
Miroslav Grepl 4fc70e
+++ b/lightsquid.fc
Miroslav Grepl 4fc70e
@@ -1,11 +1,11 @@
Miroslav Grepl 4fc70e
 /etc/cron\.daily/lightsquid	--	gen_context(system_u:object_r:lightsquid_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/lib/cgi-bin/lightsquid/.*\.cfg	--	gen_context(system_u:object_r:httpd_lightsquid_content_t,s0)
Miroslav Grepl 4fc70e
-/usr/lib/cgi-bin/lightsquid/.*\.cgi	--	gen_context(system_u:object_r:httpd_lightsquid_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/cgi-bin/lightsquid/.*\.cfg	--	gen_context(system_u:object_r:lightsquid_content_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/cgi-bin/lightsquid/.*\.cgi	--	gen_context(system_u:object_r:lightsquid_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/share/lightsquid/cgi/.*\.cgi	--	gen_context(system_u:object_r:httpd_lightsquid_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/lightsquid/cgi/.*\.cgi	--	gen_context(system_u:object_r:lightsquid_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/lightsquid(/.*)?	gen_context(system_u:object_r:lightsquid_rw_content_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/var/www/html/lightsquid(/.*)?	gen_context(system_u:object_r:httpd_lightsquid_content_t,s0)
Miroslav Grepl 4fc70e
-/var/www/html/lightsquid/report(/.*)?	gen_context(system_u:object_r:lightsquid_rw_content_t,s0)
Miroslav Grepl 4fc70e
+/var/www/html/lightsquid(/.*)?	gen_context(system_u:object_r:lightsquid_content_t,s0)
Miroslav Grepl 4fc70e
+/var/www/html/lightsquid/report(/.*)?	gen_context(system_u:object_r:lightsquid_report_content_t,s0)
Miroslav Grepl 4fc70e
diff --git a/lightsquid.te b/lightsquid.te
Miroslav Grepl 4fc70e
index 75854ed..6c7855e 100644
Miroslav Grepl 4fc70e
--- a/lightsquid.te
Miroslav Grepl 4fc70e
+++ b/lightsquid.te
Miroslav Grepl 4fc70e
@@ -13,18 +13,18 @@ type lightsquid_exec_t;
Miroslav Grepl 4fc70e
 application_domain(lightsquid_t, lightsquid_exec_t)
Miroslav Grepl 4fc70e
 role lightsquid_roles types lightsquid_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-type lightsquid_rw_content_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+type lightsquid_report_content_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 # Local policy
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-manage_dirs_pattern(lightsquid_t, lightsquid_rw_content_t, lightsquid_rw_content_t)
Miroslav Grepl 4fc70e
-manage_files_pattern(lightsquid_t, lightsquid_rw_content_t, lightsquid_rw_content_t)
Miroslav Grepl 4fc70e
-manage_lnk_files_pattern(lightsquid_t, lightsquid_rw_content_t, lightsquid_rw_content_t)
Miroslav Grepl 4fc70e
-files_var_filetrans(lightsquid_t, lightsquid_rw_content_t, dir)
Miroslav Grepl 4fc70e
+manage_dirs_pattern(lightsquid_t, lightsquid_report_content_t, lightsquid_report_content_t)
Miroslav Grepl 4fc70e
+manage_files_pattern(lightsquid_t, lightsquid_report_content_t, lightsquid_report_content_t)
Miroslav Grepl 4fc70e
+manage_lnk_files_pattern(lightsquid_t, lightsquid_report_content_t, lightsquid_report_content_t)
Miroslav Grepl 4fc70e
+files_var_filetrans(lightsquid_t, lightsquid_report_content_t, dir)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
@@ -36,10 +36,11 @@ squid_read_log(lightsquid_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	apache_content_alias_template(lightsquid, lightsquid)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	list_dirs_pattern(httpd_lightsquid_script_t, lightsquid_rw_content_t, lightsquid_rw_content_t)
Miroslav Grepl 4fc70e
-	read_files_pattern(httpd_lightsquid_script_t, lightsquid_rw_content_t, lightsquid_rw_content_t)
Miroslav Grepl 4fc70e
-	read_lnk_files_pattern(httpd_lightsquid_script_t, lightsquid_rw_content_t, lightsquid_rw_content_t)
Miroslav Grepl 4fc70e
+	list_dirs_pattern(lightsquid_script_t, lightsquid_report_content_t, lightsquid_report_content_t)
Miroslav Grepl 4fc70e
+	read_files_pattern(lightsquid_script_t, lightsquid_report_content_t, lightsquid_report_content_t)
Miroslav Grepl 4fc70e
+	read_lnk_files_pattern(lightsquid_script_t, lightsquid_report_content_t, lightsquid_report_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/man2html.fc b/man2html.fc
Miroslav Grepl 4fc70e
index 82f6255..3686732 100644
Miroslav Grepl 4fc70e
--- a/man2html.fc
Miroslav Grepl 4fc70e
+++ b/man2html.fc
Miroslav Grepl 4fc70e
@@ -1,5 +1,5 @@
Miroslav Grepl 4fc70e
-/usr/lib/man2html/cgi-bin/man/man2html	--	gen_context(system_u:object_r:httpd_man2html_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/usr/lib/man2html/cgi-bin/man/mansec	--	gen_context(system_u:object_r:httpd_man2html_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/usr/lib/man2html/cgi-bin/man/manwhatis	--	gen_context(system_u:object_r:httpd_man2html_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/man2html/cgi-bin/man/man2html	--	gen_context(system_u:object_r:man2html_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/man2html/cgi-bin/man/mansec	--	gen_context(system_u:object_r:man2html_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/man2html/cgi-bin/man/manwhatis	--	gen_context(system_u:object_r:man2html_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/var/cache/man2html(/.*)?	gen_context(system_u:object_r:httpd_man2html_script_cache_t,s0)
Miroslav Grepl 4fc70e
+/var/cache/man2html(/.*)?	gen_context(system_u:object_r:man2html_rw_content_t,s0)
Miroslav Grepl 4fc70e
diff --git a/man2html.if b/man2html.if
Miroslav Grepl 4fc70e
index fe43dea..53eaf61 100644
Miroslav Grepl 4fc70e
--- a/man2html.if
Miroslav Grepl 4fc70e
+++ b/man2html.if
Miroslav Grepl 4fc70e
@@ -2,7 +2,7 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 ## <summary>
Miroslav Grepl 4fc70e
-##	Transition to httpd_man2html_script.
Miroslav Grepl 4fc70e
+##	Transition to man2html_script.
Miroslav Grepl 4fc70e
 ## </summary>
Miroslav Grepl 4fc70e
 ## <param name="domain">
Miroslav Grepl 4fc70e
 ## <summary>
Miroslav Grepl 4fc70e
@@ -10,18 +10,18 @@
Miroslav Grepl 4fc70e
 ## </summary>
Miroslav Grepl 4fc70e
 ## </param>
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		type httpd_man2html_script_t, httpd_man2html_script_exec_t;
Miroslav Grepl 4fc70e
+		type man2html_script_t, man2html_script_exec_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	domtrans_pattern($1, httpd_man2html_script_exec_t, httpd_man2html_script_t)
Miroslav Grepl 4fc70e
+	domtrans_pattern($1, man2html_script_exec_t, man2html_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 ## <summary>
Miroslav Grepl 4fc70e
-##	Search httpd_man2html_script cache directories.
Miroslav Grepl 4fc70e
+##	Search man2html_script content directories.
Miroslav Grepl 4fc70e
 ## </summary>
Miroslav Grepl 4fc70e
 ## <param name="domain">
Miroslav Grepl 4fc70e
 ##	<summary>
Miroslav Grepl 4fc70e
@@ -29,18 +29,19 @@ interface(`httpd_man2html_script_domtrans',`
Miroslav Grepl 4fc70e
 ##	</summary>
Miroslav Grepl 4fc70e
 ## </param>
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		type httpd_man2html_script_cache_t;
Miroslav Grepl 4fc70e
+		type man2html_content_t;
Miroslav Grepl 4fc70e
+		type man2html_rw_content_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow $1 httpd_man2html_script_cache_t:dir search_dir_perms;
Miroslav Grepl 4fc70e
+	allow $1 { man2html_rw_content_t man2html_content_t }:dir search_dir_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 ## <summary>
Miroslav Grepl 4fc70e
-##	Read httpd_man2html_script cache files.
Miroslav Grepl 4fc70e
+##	Read man2html cache files.
Miroslav Grepl 4fc70e
 ## </summary>
Miroslav Grepl 4fc70e
 ## <param name="domain">
Miroslav Grepl 4fc70e
 ##	<summary>
Miroslav Grepl 4fc70e
@@ -48,19 +49,22 @@ interface(`httpd_man2html_script_search_cache',`
Miroslav Grepl 4fc70e
 ##	</summary>
Miroslav Grepl 4fc70e
 ## </param>
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		type httpd_man2html_script_cache_t;
Miroslav Grepl 4fc70e
+		type man2html_content_t;
Miroslav Grepl 4fc70e
+		type man2html_rw_content_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	read_files_pattern($1, httpd_man2html_script_cache_t, httpd_man2html_script_cache_t)
Miroslav Grepl 4fc70e
+	allow $1 { man2html_rw_content_t man2html_content_t }:dir search_dir_perms;
Miroslav Grepl 4fc70e
+	read_files_pattern($1, man2html_rw_content_t, man2html_rw_content_t)
Miroslav Grepl 4fc70e
+	read_files_pattern($1, man2html_content_t, man2html_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 ## <summary>
Miroslav Grepl 4fc70e
 ##	Create, read, write, and delete
Miroslav Grepl 4fc70e
-##	httpd_man2html_script cache files.
Miroslav Grepl 4fc70e
+##	man2html content files.
Miroslav Grepl 4fc70e
 ## </summary>
Miroslav Grepl 4fc70e
 ## <param name="domain">
Miroslav Grepl 4fc70e
 ##	<summary>
Miroslav Grepl 4fc70e
@@ -68,18 +72,21 @@ interface(`httpd_man2html_script_read_cache_files',`
Miroslav Grepl 4fc70e
 ##	</summary>
Miroslav Grepl 4fc70e
 ## </param>
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		type httpd_man2html_script_cache_t;
Miroslav Grepl 4fc70e
+		type man2html_content_t;
Miroslav Grepl 4fc70e
+		type man2html_rw_content_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	manage_files_pattern($1, httpd_man2html_script_cache_t, httpd_man2html_script_cache_t)
Miroslav Grepl 4fc70e
+	manage_files_pattern($1, man2html_rw_content_t, man2html_rw_content_t)
Miroslav Grepl 4fc70e
+	manage_files_pattern($1, man2html_content_t, man2html_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 ## <summary>
Miroslav Grepl 4fc70e
-##	Manage httpd_man2html_script cache dirs.
Miroslav Grepl 4fc70e
+##	Create, read, write, and delete
Miroslav Grepl 4fc70e
+##	man2html content dirs.
Miroslav Grepl 4fc70e
 ## </summary>
Miroslav Grepl 4fc70e
 ## <param name="domain">
Miroslav Grepl 4fc70e
 ##	<summary>
Miroslav Grepl 4fc70e
@@ -87,20 +94,21 @@ interface(`httpd_man2html_script_manage_cache_files',`
Miroslav Grepl 4fc70e
 ##	</summary>
Miroslav Grepl 4fc70e
 ## </param>
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		type httpd_man2html_script_cache_t;
Miroslav Grepl 4fc70e
+		type man2html_content_t;
Miroslav Grepl 4fc70e
+		type man2html_rw_content_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	manage_dirs_pattern($1, httpd_man2html_script_cache_t, httpd_man2html_script_cache_t)
Miroslav Grepl 4fc70e
+	manage_dirs_pattern($1, man2html_rw_content_t, man2html_rw_content_t)
Miroslav Grepl 4fc70e
+	manage_dirs_pattern($1, man2html_content_t, man2html_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 ## <summary>
Miroslav Grepl 4fc70e
 ##	All of the rules required to administrate
Miroslav Grepl 4fc70e
-##	an httpd_man2html_script environment
Miroslav Grepl 4fc70e
+##	an man2html environment
Miroslav Grepl 4fc70e
 ## </summary>
Miroslav Grepl 4fc70e
 ## <param name="domain">
Miroslav Grepl 4fc70e
 ##	<summary>
Miroslav Grepl 4fc70e
@@ -108,17 +116,19 @@ interface(`httpd_man2html_script_manage_cache_dirs',`
Miroslav Grepl 4fc70e
 ##	</summary>
Miroslav Grepl 4fc70e
 ## </param>
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		type httpd_man2html_script_t;
Miroslav Grepl 4fc70e
-		type httpd_man2html_script_cache_t;
Miroslav Grepl 4fc70e
+		type man2html_script_t;
Miroslav Grepl 4fc70e
+		type man2html_rw_content_t;
Miroslav Grepl 4fc70e
+		type man2html_content_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow $1 httpd_man2html_script_t:process { ptrace signal_perms };
Miroslav Grepl 4fc70e
-	ps_process_pattern($1, httpd_man2html_script_t)
Miroslav Grepl 4fc70e
+	allow $1 man2html_script_t:process { ptrace signal_perms };
Miroslav Grepl 4fc70e
+	ps_process_pattern($1, man2html_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	admin_pattern($1, httpd_man2html_script_cache_t)
Miroslav Grepl 4fc70e
+	admin_pattern($1, man2html_content_t)
Miroslav Grepl 4fc70e
+	admin_pattern($1, man2html_rw_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/man2html.te b/man2html.te
Miroslav Grepl 4fc70e
index 9e634bd..24b56e9 100644
Miroslav Grepl 4fc70e
--- a/man2html.te
Miroslav Grepl 4fc70e
+++ b/man2html.te
Miroslav Grepl 4fc70e
@@ -6,23 +6,17 @@ policy_module(man2html, 1.0.0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-type httpd_man2html_script_cache_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-# httpd_man2html_script local policy
Miroslav Grepl 4fc70e
+# man2html_script local policy
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	apache_content_alias_template(man2html, man2html)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow httpd_man2html_script_t self:process { fork };
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	manage_dirs_pattern(httpd_man2html_script_t, httpd_man2html_script_cache_t, httpd_man2html_script_cache_t)
Miroslav Grepl 4fc70e
-	manage_files_pattern(httpd_man2html_script_t, httpd_man2html_script_cache_t, httpd_man2html_script_cache_t)
Miroslav Grepl 4fc70e
-	manage_lnk_files_pattern(httpd_man2html_script_t, httpd_man2html_script_cache_t, httpd_man2html_script_cache_t)
Miroslav Grepl 4fc70e
-	files_var_filetrans(httpd_man2html_script_t, httpd_man2html_script_cache_t, { dir file })
Miroslav Grepl 4fc70e
+	allow man2html_script_t self:process fork;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	typealias man2html_rw_content_t alias man2html_script_cache_t;
Miroslav Grepl 4fc70e
+	files_var_filetrans(man2html_script_t, man2html_rw_content_t, { dir file })
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/mediawiki.fc b/mediawiki.fc
Miroslav Grepl 4fc70e
index 99f7c41..93ec6db 100644
Miroslav Grepl 4fc70e
--- a/mediawiki.fc
Miroslav Grepl 4fc70e
+++ b/mediawiki.fc
Miroslav Grepl 4fc70e
@@ -1,8 +1,8 @@
Miroslav Grepl 4fc70e
-/usr/lib/mediawiki/math/texvc	--	gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/usr/lib/mediawiki/math/texvc_tex	--	gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/usr/lib/mediawiki/math/texvc_tes	--	gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/mediawiki/math/texvc	--	gen_context(system_u:object_r:mediawiki_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/mediawiki/math/texvc_tex	--	gen_context(system_u:object_r:mediawiki_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/mediawiki/math/texvc_tes	--	gen_context(system_u:object_r:mediawiki_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/share/mediawiki(/.*)?	gen_context(system_u:object_r:httpd_mediawiki_content_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/mediawiki(/.*)?	gen_context(system_u:object_r:mediawiki_content_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/var/www/wiki(/.*)?	gen_context(system_u:object_r:httpd_mediawiki_rw_content_t,s0)
Miroslav Grepl 4fc70e
-/var/www/wiki/.*\.php	--	gen_context(system_u:object_r:httpd_mediawiki_content_t,s0)
Miroslav Grepl 4fc70e
+/var/www/wiki(/.*)?	gen_context(system_u:object_r:mediawiki_rw_content_t,s0)
Miroslav Grepl 4fc70e
+/var/www/wiki/.*\.php	--	gen_context(system_u:object_r:mediawiki_content_t,s0)
Miroslav Grepl 4fc70e
diff --git a/mediawiki.if b/mediawiki.if
Miroslav Grepl 4fc70e
index 1c1d012..9b183e6 100644
Miroslav Grepl 4fc70e
--- a/mediawiki.if
Miroslav Grepl 4fc70e
+++ b/mediawiki.if
Miroslav Grepl 4fc70e
@@ -13,12 +13,12 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-                type httpd_mediawiki_tmp_t;
Miroslav Grepl 4fc70e
+                type mediawiki_tmp_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-        read_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
Miroslav Grepl 4fc70e
-	read_lnk_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
Miroslav Grepl 4fc70e
+        read_files_pattern($1, mediawiki_tmp_t, mediawiki_tmp_t)
Miroslav Grepl 4fc70e
+	read_lnk_files_pattern($1, mediawiki_tmp_t, mediawiki_tmp_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
@@ -33,8 +33,8 @@ interface(`mediawiki_read_tmp_files',`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-                type httpd_mediawiki_tmp_t;
Miroslav Grepl 4fc70e
+                type mediawiki_tmp_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-        delete_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
Miroslav Grepl 4fc70e
+        delete_files_pattern($1, mediawiki_tmp_t, mediawiki_tmp_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/mediawiki.te b/mediawiki.te
Miroslav Grepl 4fc70e
index 212712c..fcbc191 100644
Miroslav Grepl 4fc70e
--- a/mediawiki.te
Miroslav Grepl 4fc70e
+++ b/mediawiki.te
Miroslav Grepl 4fc70e
@@ -5,16 +5,26 @@ policy_module(mediawiki, 1.0.0)
Miroslav Grepl 4fc70e
 # Declarations
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	apache_content_template(mediawiki)
Miroslav Grepl 4fc70e
+type mediawiki_tmp_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 # Local policy
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	files_search_var_lib(httpd_mediawiki_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	apache_content_template(mediawiki)
Miroslav Grepl 4fc70e
+	apache_content_alias_template(mediawiki, mediawiki)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	manage_dirs_pattern(mediawiki_script_t, mediawiki_tmp_t, mediawiki_tmp_t)
Miroslav Grepl 4fc70e
+	manage_files_pattern(mediawiki_script_t, mediawiki_tmp_t, mediawiki_tmp_t)
Miroslav Grepl 4fc70e
+	manage_sock_files_pattern(mediawiki_script_t, mediawiki_tmp_t, mediawiki_tmp_t)
Miroslav Grepl 4fc70e
+	manage_lnk_files_pattern(mediawiki_script_t, mediawiki_tmp_t, mediawiki_tmp_t)
Miroslav Grepl 4fc70e
+	files_tmp_filetrans(mediawiki_script_t, mediawiki_tmp_t, { file dir lnk_file })
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	files_search_var_lib(mediawiki_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	miscfiles_read_tetex_data(httpd_mediawiki_script_t)
Miroslav Grepl 4fc70e
+	miscfiles_read_tetex_data(mediawiki_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/mojomojo.fc b/mojomojo.fc
Miroslav Grepl 4fc70e
index 7b827ca..5ee8a0f 100644
Miroslav Grepl 4fc70e
--- a/mojomojo.fc
Miroslav Grepl 4fc70e
+++ b/mojomojo.fc
Miroslav Grepl 4fc70e
@@ -1,5 +1,5 @@
Miroslav Grepl 4fc70e
-/usr/bin/mojomojo_fastcgi\.pl	--	gen_context(system_u:object_r:httpd_mojomojo_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/bin/mojomojo_fastcgi\.pl	--	gen_context(system_u:object_r:mojomojo_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/share/mojomojo/root(/.*)?	gen_context(system_u:object_r:httpd_mojomojo_content_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/mojomojo/root(/.*)?	gen_context(system_u:object_r:mojomojo_content_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/var/lib/mojomojo(/.*)?	gen_context(system_u:object_r:httpd_mojomojo_rw_content_t,s0)
Miroslav Grepl 4fc70e
+/var/lib/mojomojo(/.*)?	gen_context(system_u:object_r:mojomojo_rw_content_t,s0)
Miroslav Grepl 4fc70e
diff --git a/mojomojo.te b/mojomojo.te
Miroslav Grepl 4fc70e
index 9556487..25d1d33 100644
Miroslav Grepl 4fc70e
--- a/mojomojo.te
Miroslav Grepl 4fc70e
+++ b/mojomojo.te
Miroslav Grepl 4fc70e
@@ -5,8 +5,8 @@ policy_module(mojomojo, 1.1.0)
Miroslav Grepl 4fc70e
 # Declarations
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-type httpd_mojomojo_tmp_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+type mojomojo_tmp_t alias httpd_mojomojo_tmp_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
@@ -15,31 +15,30 @@ files_tmp_file(httpd_mojomojo_tmp_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	apache_content_alias_template(mojomojo, mojomojo)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow httpd_mojomojo_script_t httpd_t:unix_stream_socket rw_stream_socket_perms;
Miroslav Grepl 4fc70e
+	manage_dirs_pattern(mojomojo_script_t, mojomojo_tmp_t, mojomojo_tmp_t)
Miroslav Grepl 4fc70e
+	manage_files_pattern(mojomojo_script_t, mojomojo_tmp_t, mojomojo_tmp_t)
Miroslav Grepl 4fc70e
+	files_tmp_filetrans(mojomojo_script_t, mojomojo_tmp_t, { file dir })
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	manage_dirs_pattern(httpd_mojomojo_script_t, httpd_mojomojo_tmp_t, httpd_mojomojo_tmp_t)
Miroslav Grepl 4fc70e
-	manage_files_pattern(httpd_mojomojo_script_t, httpd_mojomojo_tmp_t, httpd_mojomojo_tmp_t)
Miroslav Grepl 4fc70e
-	files_tmp_filetrans(httpd_mojomojo_script_t, httpd_mojomojo_tmp_t, { file dir })
Miroslav Grepl 4fc70e
+	corenet_tcp_connect_postgresql_port(mojomojo_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_connect_mysqld_port(mojomojo_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_connect_smtp_port(mojomojo_script_t)
Miroslav Grepl 4fc70e
+	corenet_sendrecv_postgresql_client_packets(mojomojo_script_t)
Miroslav Grepl 4fc70e
+	corenet_sendrecv_mysqld_client_packets(mojomojo_script_t)
Miroslav Grepl 4fc70e
+	corenet_sendrecv_smtp_client_packets(mojomojo_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	corenet_tcp_connect_postgresql_port(httpd_mojomojo_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_connect_mysqld_port(httpd_mojomojo_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_connect_smtp_port(httpd_mojomojo_script_t)
Miroslav Grepl 4fc70e
-	corenet_sendrecv_postgresql_client_packets(httpd_mojomojo_script_t)
Miroslav Grepl 4fc70e
-	corenet_sendrecv_mysqld_client_packets(httpd_mojomojo_script_t)
Miroslav Grepl 4fc70e
-	corenet_sendrecv_smtp_client_packets(httpd_mojomojo_script_t)
Miroslav Grepl 4fc70e
+	files_search_var_lib(mojomojo_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	files_search_var_lib(httpd_mojomojo_script_t)
Miroslav Grepl 4fc70e
+	sysnet_dns_name_resolve(mojomojo_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	sysnet_dns_name_resolve(httpd_mojomojo_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	mta_send_mail(httpd_mojomojo_script_t)
Miroslav Grepl 4fc70e
+	mta_send_mail(mojomojo_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		mysql_stream_connect(httpd_mojomojo_script_t)
Miroslav Grepl 4fc70e
+		mysql_stream_connect(mojomojo_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		postgresql_stream_connect(httpd_mojomojo_script_t)
Miroslav Grepl 4fc70e
+		postgresql_stream_connect(mojomojo_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/munin.fc b/munin.fc
Miroslav Grepl 4fc70e
index 4968324..af28bb5 100644
Miroslav Grepl 4fc70e
--- a/munin.fc
Miroslav Grepl 4fc70e
+++ b/munin.fc
Miroslav Grepl 4fc70e
@@ -73,7 +73,7 @@
Miroslav Grepl 4fc70e
 /var/lib/munin/plugin-state(/.*)?	gen_context(system_u:object_r:munin_plugin_state_t,s0)
Miroslav Grepl 4fc70e
 /var/log/munin.*			gen_context(system_u:object_r:munin_log_t,s0)
Miroslav Grepl 4fc70e
 /var/run/munin(/.*)?			gen_context(system_u:object_r:munin_var_run_t,s0)
Miroslav Grepl 4fc70e
-/var/www/html/munin(/.*)?		gen_context(system_u:object_r:httpd_munin_content_t,s0)
Miroslav Grepl 4fc70e
-/var/www/html/munin/cgi(/.*)?	gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/var/www/html/cgi/munin.*       gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/var/www/cgi-bin/munin.*		gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/html/munin(/.*)?		gen_context(system_u:object_r:munin_content_t,s0)
Miroslav Grepl 4fc70e
+/var/www/html/munin/cgi(/.*)?		gen_context(system_u:object_r:munin_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/html/cgi/munin.*       	gen_context(system_u:object_r:munin_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/cgi-bin/munin.*		gen_context(system_u:object_r:munin_script_exec_t,s0)
Miroslav Grepl 4fc70e
diff --git a/munin.if b/munin.if
Miroslav Grepl 4fc70e
index 4c1b6a8..900d083 100644
Miroslav Grepl 4fc70e
--- a/munin.if
Miroslav Grepl 4fc70e
+++ b/munin.if
Miroslav Grepl 4fc70e
@@ -209,7 +209,7 @@ interface(`munin_admin',`
Miroslav Grepl 4fc70e
 		attribute munin_plugin_domain, munin_plugin_tmp_content;
Miroslav Grepl 4fc70e
 		type munin_t, munin_etc_t, munin_tmp_t;
Miroslav Grepl 4fc70e
 		type munin_log_t, munin_var_lib_t, munin_var_run_t;
Miroslav Grepl 4fc70e
-		type httpd_munin_content_t, munin_plugin_state_t, munin_initrc_exec_t;
Miroslav Grepl 4fc70e
+		type munin_content_t, munin_plugin_state_t, munin_initrc_exec_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 	allow $1 munin_t:process signal_perms;
Miroslav Grepl 4fc70e
@@ -239,5 +239,5 @@ interface(`munin_admin',`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 	admin_pattern($1, munin_var_run_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	admin_pattern($1, httpd_munin_content_t)
Miroslav Grepl 4fc70e
+	admin_pattern($1, munin_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/munin.te b/munin.te
Miroslav Grepl 4fc70e
index cead88c..16b96d0 100644
Miroslav Grepl 4fc70e
--- a/munin.te
Miroslav Grepl 4fc70e
+++ b/munin.te
Miroslav Grepl 4fc70e
@@ -44,8 +44,8 @@ files_tmpfs_file(services_munin_plugin_tmpfs_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-type httpd_munin_script_tmp_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+type munin_script_tmp_t alias httpd_munin_script_tmp_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
@@ -435,22 +435,23 @@ optional_policy(`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+apache_content_alias_template(munin, munin)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-manage_dirs_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
Miroslav Grepl 4fc70e
-manage_files_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
Miroslav Grepl 4fc70e
+manage_dirs_pattern(munin_t, munin_content_t, munin_content_t)
Miroslav Grepl 4fc70e
+manage_files_pattern(munin_t, munin_content_t, munin_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-manage_dirs_pattern(httpd_munin_script_t, httpd_munin_script_tmp_t, httpd_munin_script_tmp_t)
Miroslav Grepl 4fc70e
-manage_files_pattern(httpd_munin_script_t, httpd_munin_script_tmp_t,httpd_munin_script_tmp_t)
Miroslav Grepl 4fc70e
+manage_dirs_pattern(munin_script_t, munin_script_tmp_t, munin_script_tmp_t)
Miroslav Grepl 4fc70e
+manage_files_pattern(munin_script_t, munin_script_tmp_t,munin_script_tmp_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-read_files_pattern(httpd_munin_script_t, munin_var_lib_t, munin_var_lib_t)
Miroslav Grepl 4fc70e
-read_files_pattern(httpd_munin_script_t, munin_etc_t, munin_etc_t)
Miroslav Grepl 4fc70e
+read_files_pattern(munin_script_t, munin_var_lib_t, munin_var_lib_t)
Miroslav Grepl 4fc70e
+read_files_pattern(munin_script_t, munin_etc_t, munin_etc_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-read_files_pattern(httpd_munin_script_t, munin_log_t, munin_log_t)
Miroslav Grepl 4fc70e
-append_files_pattern(httpd_munin_script_t, munin_log_t, munin_log_t)
Miroslav Grepl 4fc70e
+read_files_pattern(munin_script_t, munin_log_t, munin_log_t)
Miroslav Grepl 4fc70e
+append_files_pattern(munin_script_t, munin_log_t, munin_log_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/mythtv.fc b/mythtv.fc
Miroslav Grepl 4fc70e
index 3a1c423..d62cf88 100644
Miroslav Grepl 4fc70e
--- a/mythtv.fc
Miroslav Grepl 4fc70e
+++ b/mythtv.fc
Miroslav Grepl 4fc70e
@@ -1,9 +1,9 @@
Miroslav Grepl 4fc70e
-/usr/share/mythweb/mythweb\.pl	--	gen_context(system_u:object_r:httpd_mythtv_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/mythweb/mythweb\.pl	--	gen_context(system_u:object_r:mythtv_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/lib/mythtv(/.*)?	gen_context(system_u:object_r:mythtv_var_lib_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/log/mythtv(/.*)?	gen_context(system_u:object_r:mythtv_var_log_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/share/mythtv(/.*)?		gen_context(system_u:object_r:httpd_mythtv_content_t,s0)
Miroslav Grepl 4fc70e
-/usr/share/mythweb(/.*)?	gen_context(system_u:object_r:httpd_mythtv_content_t,s0)
Miroslav Grepl 4fc70e
-/usr/share/mythtv/mythweather/scripts(/.*)? gen_context(system_u:object_r:httpd_mythtv_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/mythtv(/.*)?		gen_context(system_u:object_r:mythtv_content_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/mythweb(/.*)?	gen_context(system_u:object_r:mythtv_content_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/mythtv/mythweather/scripts(/.*)? gen_context(system_u:object_r:mythtv_script_exec_t,s0)
Miroslav Grepl 4fc70e
diff --git a/mythtv.if b/mythtv.if
Miroslav Grepl 4fc70e
index 171f666..e2403dd 100644
Miroslav Grepl 4fc70e
--- a/mythtv.if
Miroslav Grepl 4fc70e
+++ b/mythtv.if
Miroslav Grepl 4fc70e
@@ -1,9 +1,9 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-## <summary>policy for httpd_mythtv_script</summary>
Miroslav Grepl 4fc70e
+## <summary>policy for mythtv_script</summary>
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 ## <summary>
Miroslav Grepl 4fc70e
-##	Execute TEMPLATE in the httpd_mythtv_script domin.
Miroslav Grepl 4fc70e
+##	Execute TEMPLATE in the mythtv_script domin.
Miroslav Grepl 4fc70e
 ## </summary>
Miroslav Grepl 4fc70e
 ## <param name="domain">
Miroslav Grepl 4fc70e
 ## <summary>
Miroslav Grepl 4fc70e
@@ -11,13 +11,13 @@
Miroslav Grepl 4fc70e
 ## </summary>
Miroslav Grepl 4fc70e
 ## </param>
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		type httpd_mythtv_script_t, httpd_mythtv_script_exec_t;
Miroslav Grepl 4fc70e
+		type mythtv_script_t, mythtv_script_exec_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	domtrans_pattern($1, httpd_mythtv_script_exec_t, httpd_mythtv_script_t)
Miroslav Grepl 4fc70e
+	domtrans_pattern($1, mythtv_script_exec_t, mythtv_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
@@ -133,15 +133,15 @@ interface(`mythtv_manage_log',`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		type httpd_mythtv_script_t, mythtv_var_lib_t;
Miroslav Grepl 4fc70e
+		type mythtv_script_t, mythtv_var_lib_t;
Miroslav Grepl 4fc70e
 		type mythtv_var_log_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow $1 httpd_mythtv_script_t:process signal_perms;
Miroslav Grepl 4fc70e
-	ps_process_pattern($1, httpd_mythtv_script_t)
Miroslav Grepl 4fc70e
+	allow $1 mythtv_script_t:process signal_perms;
Miroslav Grepl 4fc70e
+	ps_process_pattern($1, mythtv_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		allow $1 httpd_mythtv_script_t:process ptrace;
Miroslav Grepl 4fc70e
+		allow $1 mythtv_script_t:process ptrace;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/mythtv.te b/mythtv.te
Miroslav Grepl 4fc70e
index 90129ac..7a4910c 100644
Miroslav Grepl 4fc70e
--- a/mythtv.te
Miroslav Grepl 4fc70e
+++ b/mythtv.te
Miroslav Grepl 4fc70e
@@ -6,6 +6,7 @@ policy_module(mythtv, 1.0.0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+apache_content_alias_template(mythtv, mythtv)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 type mythtv_var_lib_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
@@ -15,27 +16,27 @@ logging_log_file(mythtv_var_log_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-# httpd_mythtv_script local policy
Miroslav Grepl 4fc70e
+# mythtv_script local policy
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-manage_files_pattern(httpd_mythtv_script_t, mythtv_var_lib_t, mythtv_var_lib_t)
Miroslav Grepl 4fc70e
-manage_dirs_pattern(httpd_mythtv_script_t, mythtv_var_lib_t, mythtv_var_lib_t)
Miroslav Grepl 4fc70e
-files_var_lib_filetrans(httpd_mythtv_script_t, mythtv_var_lib_t, { dir file })
Miroslav Grepl 4fc70e
+manage_files_pattern(mythtv_script_t, mythtv_var_lib_t, mythtv_var_lib_t)
Miroslav Grepl 4fc70e
+manage_dirs_pattern(mythtv_script_t, mythtv_var_lib_t, mythtv_var_lib_t)
Miroslav Grepl 4fc70e
+files_var_lib_filetrans(mythtv_script_t, mythtv_var_lib_t, { dir file })
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-manage_files_pattern(httpd_mythtv_script_t, mythtv_var_log_t, mythtv_var_log_t)
Miroslav Grepl 4fc70e
-manage_dirs_pattern(httpd_mythtv_script_t, mythtv_var_log_t, mythtv_var_log_t)
Miroslav Grepl 4fc70e
-logging_log_filetrans(httpd_mythtv_script_t, mythtv_var_log_t, file )
Miroslav Grepl 4fc70e
+manage_files_pattern(mythtv_script_t, mythtv_var_log_t, mythtv_var_log_t)
Miroslav Grepl 4fc70e
+manage_dirs_pattern(mythtv_script_t, mythtv_var_log_t, mythtv_var_log_t)
Miroslav Grepl 4fc70e
+logging_log_filetrans(mythtv_script_t, mythtv_var_log_t, file )
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	mysql_read_config(httpd_mythtv_script_t)
Miroslav Grepl 4fc70e
-	mysql_stream_connect(httpd_mythtv_script_t)
Miroslav Grepl 4fc70e
-	mysql_tcp_connect(httpd_mythtv_script_t)
Miroslav Grepl 4fc70e
+	mysql_read_config(mythtv_script_t)
Miroslav Grepl 4fc70e
+	mysql_stream_connect(mythtv_script_t)
Miroslav Grepl 4fc70e
+	mysql_tcp_connect(mythtv_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/nagios.fc b/nagios.fc
Miroslav Grepl 4fc70e
index a00cc2d..24a2dec 100644
Miroslav Grepl 4fc70e
--- a/nagios.fc
Miroslav Grepl 4fc70e
+++ b/nagios.fc
Miroslav Grepl 4fc70e
@@ -6,8 +6,8 @@
Miroslav Grepl 4fc70e
 /usr/s?bin/nagios				--	gen_context(system_u:object_r:nagios_exec_t,s0)
Miroslav Grepl 4fc70e
 /usr/s?bin/nrpe					--	gen_context(system_u:object_r:nrpe_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/lib/cgi-bin/netsaint(/.*)?			gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/usr/lib/nagios/cgi(/.*)?				gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/cgi-bin/netsaint(/.*)?			gen_context(system_u:object_r:nagios_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/nagios/cgi(/.*)?				gen_context(system_u:object_r:nagios_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/log/nagios(/.*)?					gen_context(system_u:object_r:nagios_log_t,s0)
Miroslav Grepl 4fc70e
 /var/log/netsaint(/.*)?					gen_context(system_u:object_r:nagios_log_t,s0)
Miroslav Grepl 4fc70e
@@ -19,8 +19,8 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /usr/sbin/nagios				--	gen_context(system_u:object_r:nagios_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/lib/cgi-bin/nagios(/.+)?			gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/usr/lib/nagios/cgi-bin(/.*)?			gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/cgi-bin/nagios(/.+)?			gen_context(system_u:object_r:nagios_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/nagios/cgi-bin(/.*)?			gen_context(system_u:object_r:nagios_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 # admin plugins
Miroslav Grepl 4fc70e
 /usr/lib/nagios/plugins/check_file_age	--	gen_context(system_u:object_r:nagios_admin_plugin_exec_t,s0)
Miroslav Grepl 4fc70e
diff --git a/nagios.te b/nagios.te
Miroslav Grepl 4fc70e
index f565a0e..1726e88 100644
Miroslav Grepl 4fc70e
--- a/nagios.te
Miroslav Grepl 4fc70e
+++ b/nagios.te
Miroslav Grepl 4fc70e
@@ -186,33 +186,34 @@ optional_policy(`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	typealias httpd_nagios_script_t alias nagios_cgi_t;
Miroslav Grepl 4fc70e
-	typealias httpd_nagios_script_exec_t alias nagios_cgi_exec_t;
Miroslav Grepl 4fc70e
+	apache_content_alias_template(nagios, nagios)
Miroslav Grepl 4fc70e
+	typealias nagios_script_t alias nagios_cgi_t;
Miroslav Grepl 4fc70e
+	typealias nagios_script_exec_t alias nagios_cgi_exec_t;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow httpd_nagios_script_t self:process signal_perms;
Miroslav Grepl 4fc70e
+	allow nagios_script_t self:process signal_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	read_files_pattern(httpd_nagios_script_t, nagios_t, nagios_t)
Miroslav Grepl 4fc70e
-	read_lnk_files_pattern(httpd_nagios_script_t, nagios_t, nagios_t)
Miroslav Grepl 4fc70e
+	read_files_pattern(nagios_script_t, nagios_t, nagios_t)
Miroslav Grepl 4fc70e
+	read_lnk_files_pattern(nagios_script_t, nagios_t, nagios_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow httpd_nagios_script_t nagios_etc_t:dir list_dir_perms;
Miroslav Grepl 4fc70e
-	allow httpd_nagios_script_t nagios_etc_t:file read_file_perms;
Miroslav Grepl 4fc70e
-	allow httpd_nagios_script_t nagios_etc_t:lnk_file read_lnk_file_perms;
Miroslav Grepl 4fc70e
+	allow nagios_script_t nagios_etc_t:dir list_dir_perms;
Miroslav Grepl 4fc70e
+	allow nagios_script_t nagios_etc_t:file read_file_perms;
Miroslav Grepl 4fc70e
+	allow nagios_script_t nagios_etc_t:lnk_file read_lnk_file_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	files_search_spool(httpd_nagios_script_t)
Miroslav Grepl 4fc70e
-	rw_fifo_files_pattern(httpd_nagios_script_t, nagios_spool_t, nagios_spool_t)
Miroslav Grepl 4fc70e
+	files_search_spool(nagios_script_t)
Miroslav Grepl 4fc70e
+	rw_fifo_files_pattern(nagios_script_t, nagios_spool_t, nagios_spool_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow httpd_nagios_script_t nagios_log_t:dir list_dir_perms;
Miroslav Grepl 4fc70e
-	read_files_pattern(httpd_nagios_script_t, nagios_etc_t, nagios_log_t)
Miroslav Grepl 4fc70e
-	read_lnk_files_pattern(httpd_nagios_script_t, nagios_etc_t, nagios_log_t)
Miroslav Grepl 4fc70e
+	allow nagios_script_t nagios_log_t:dir list_dir_perms;
Miroslav Grepl 4fc70e
+	read_files_pattern(nagios_script_t, nagios_etc_t, nagios_log_t)
Miroslav Grepl 4fc70e
+	read_lnk_files_pattern(nagios_script_t, nagios_etc_t, nagios_log_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	kernel_read_system_state(httpd_nagios_script_t)
Miroslav Grepl 4fc70e
+	kernel_read_system_state(nagios_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	domain_dontaudit_read_all_domains_state(httpd_nagios_script_t)
Miroslav Grepl 4fc70e
+	domain_dontaudit_read_all_domains_state(nagios_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	files_read_etc_runtime_files(httpd_nagios_script_t)
Miroslav Grepl 4fc70e
-	files_read_kernel_symbol_table(httpd_nagios_script_t)
Miroslav Grepl 4fc70e
+	files_read_etc_runtime_files(nagios_script_t)
Miroslav Grepl 4fc70e
+	files_read_kernel_symbol_table(nagios_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	logging_send_syslog_msg(httpd_nagios_script_t)
Miroslav Grepl 4fc70e
+	logging_send_syslog_msg(nagios_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/nut.fc b/nut.fc
Miroslav Grepl 4fc70e
index 41ff159..fac7d7b 100644
Miroslav Grepl 4fc70e
--- a/nut.fc
Miroslav Grepl 4fc70e
+++ b/nut.fc
Miroslav Grepl 4fc70e
@@ -11,6 +11,6 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/run/nut(/.*)?	gen_context(system_u:object_r:nut_var_run_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/var/www/nut-cgi-bin/upsimage\.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/var/www/nut-cgi-bin/upsset\.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
-/var/www/nut-cgi-bin/upsstats\.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/nut-cgi-bin/upsimage\.cgi -- gen_context(system_u:object_r:nutups_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/nut-cgi-bin/upsset\.cgi -- gen_context(system_u:object_r:nutups_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/var/www/nut-cgi-bin/upsstats\.cgi -- gen_context(system_u:object_r:nutups_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
diff --git a/nut.te b/nut.te
Miroslav Grepl 4fc70e
index 1701352..249224e 100644
Miroslav Grepl 4fc70e
--- a/nut.te
Miroslav Grepl 4fc70e
+++ b/nut.te
Miroslav Grepl 4fc70e
@@ -166,17 +166,18 @@ logging_send_syslog_msg(nut_upsdrvctl_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	apache_content_alias_template(nutups_cgi,nutups_cgi)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	read_files_pattern(httpd_nutups_cgi_script_t, nut_conf_t, nut_conf_t)
Miroslav Grepl 4fc70e
+	read_files_pattern(nutups_cgi_script_t, nut_conf_t, nut_conf_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	corenet_all_recvfrom_netlabel(httpd_nutups_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_sendrecv_generic_if(httpd_nutups_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_sendrecv_generic_node(httpd_nutups_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_sendrecv_all_ports(httpd_nutups_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_connect_ups_port(httpd_nutups_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_udp_sendrecv_generic_if(httpd_nutups_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_udp_sendrecv_generic_node(httpd_nutups_cgi_script_t)
Miroslav Grepl 4fc70e
-	corenet_udp_sendrecv_all_ports(httpd_nutups_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_all_recvfrom_netlabel(nutups_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_sendrecv_generic_if(nutups_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_sendrecv_generic_node(nutups_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_sendrecv_all_ports(nutups_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_connect_ups_port(nutups_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_udp_sendrecv_generic_if(nutups_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_udp_sendrecv_generic_node(nutups_cgi_script_t)
Miroslav Grepl 4fc70e
+	corenet_udp_sendrecv_all_ports(nutups_cgi_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	sysnet_dns_name_resolve(httpd_nutups_cgi_script_t)
Miroslav Grepl 4fc70e
+	sysnet_dns_name_resolve(nutups_cgi_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/openshift.fc b/openshift.fc
Miroslav Grepl 4fc70e
index f2d6119..71ba1bd 100644
Miroslav Grepl 4fc70e
--- a/openshift.fc
Miroslav Grepl 4fc70e
+++ b/openshift.fc
Miroslav Grepl 4fc70e
@@ -18,7 +18,7 @@
Miroslav Grepl 4fc70e
 /usr/s?bin/(oo|rhc)-cgroup-read        --    gen_context(system_u:object_r:openshift_cgroup_read_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /usr/s?bin/(oo|rhc)-restorer           --    gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
Miroslav Grepl 4fc70e
-/usr/s?bin/(oo|rhc)-restorer-wrapper.sh    --  gen_context(system_u:object_r:httpd_openshift_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/s?bin/(oo|rhc)-restorer-wrapper.sh    --  gen_context(system_u:object_r:openshift_script_exec_t,s0)
Miroslav Grepl 4fc70e
 /usr/s?bin/oo-admin-ctl-gears	--	gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
Miroslav Grepl 4fc70e
 /usr/s?bin/mcollectived			--		gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/openshift.te b/openshift.te
Miroslav Grepl 4fc70e
index cd25e8e..7965e82 100644
Miroslav Grepl 4fc70e
--- a/openshift.te
Miroslav Grepl 4fc70e
+++ b/openshift.te
Miroslav Grepl 4fc70e
@@ -294,13 +294,14 @@ optional_policy(`
Miroslav Grepl 4fc70e
 	# openshift cgi script policy
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	domtrans_pattern(httpd_openshift_script_t, openshift_initrc_exec_t, openshift_initrc_t)
Miroslav Grepl 4fc70e
+	apache_content_alias_template(openshift, openshift)
Miroslav Grepl 4fc70e
+	domtrans_pattern(openshift_script_t, openshift_initrc_exec_t, openshift_initrc_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		dbus_system_bus_client(httpd_openshift_script_t)
Miroslav Grepl 4fc70e
+		dbus_system_bus_client(openshift_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-			oddjob_dbus_chat(httpd_openshift_script_t)
Miroslav Grepl 4fc70e
+			oddjob_dbus_chat(openshift_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/pki.if b/pki.if
Miroslav Grepl 4fc70e
index b975b85..798efb6 100644
Miroslav Grepl 4fc70e
--- a/pki.if
Miroslav Grepl 4fc70e
+++ b/pki.if
Miroslav Grepl 4fc70e
@@ -134,13 +134,6 @@ template(`pki_apache_template',`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 	# need to resolve addresses?
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		#pki_apache_domain_signal(httpd_t)
Miroslav Grepl 4fc70e
-		#pki_apache_domain_signal(httpd_t)
Miroslav Grepl 4fc70e
-		#pki_manage_apache_run(httpd_t)
Miroslav Grepl 4fc70e
-		#pki_manage_apache_config_files(httpd_t)
Miroslav Grepl 4fc70e
-		#pki_manage_apache_log_files(httpd_t)
Miroslav Grepl 4fc70e
-		#pki_manage_apache_lib(httpd_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/pki.te b/pki.te
Miroslav Grepl 4fc70e
index 17f5d18..d656f71 100644
Miroslav Grepl 4fc70e
--- a/pki.te
Miroslav Grepl 4fc70e
+++ b/pki.te
Miroslav Grepl 4fc70e
@@ -43,7 +43,6 @@ typealias pki_tomcat_etc_rw_t alias { pki_ca_etc_rw_t pki_kra_etc_rw_t pki_ocsp_
Miroslav Grepl 4fc70e
 typealias pki_tomcat_var_lib_t alias { pki_ca_var_lib_t pki_kra_var_lib_t pki_ocsp_var_lib_t pki_tks_var_lib_t };
Miroslav Grepl 4fc70e
 typealias pki_tomcat_var_run_t alias { pki_ca_var_run_t pki_kra_var_run_t pki_ocsp_var_run_t pki_tks_var_run_t };
Miroslav Grepl 4fc70e
 typealias pki_tomcat_log_t alias { pki_ca_log_t pki_kra_log_t pki_ocsp_log_t pki_tks_log_t };
Miroslav Grepl 4fc70e
-# typealias http_port_t alias { pki_ca_port_t pki_kra_port_t pki_ocsp_port_t pki_tks_port_t };
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 # pki policy types
Miroslav Grepl 4fc70e
@@ -126,10 +125,6 @@ miscfiles_read_hwdata(pki_tomcat_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-# forward proxy
Miroslav Grepl 4fc70e
-# need to define ports to fix this
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 # for crl publishing
Miroslav Grepl 4fc70e
 allow pki_tomcat_t pki_tomcat_var_lib_t:lnk_file { rename create unlink };
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
@@ -166,9 +161,6 @@ corenet_tcp_connect_pki_tks_port(pki_tps_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-# why do I need to add this?
Miroslav Grepl 4fc70e
-#allow httpd_t httpd_config_t:file execute;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 # ra local policy
Miroslav Grepl 4fc70e
@@ -268,13 +260,8 @@ optional_policy(`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-    apache_exec_suexec(pki_apache_domain)
Miroslav Grepl 4fc70e
+	apache_exec_suexec(pki_apache_domain)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	# should be started using a script which will execute httpd
Miroslav Grepl 4fc70e
-	# start up httpd in pki_apache_domain mode
Miroslav Grepl 4fc70e
-	#can_exec(pki_apache_domain, httpd_config_t)
Miroslav Grepl 4fc70e
-	#can_exec(pki_apache_domain, httpd_suexec_exec_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 # allow rpm -q in init scripts
Miroslav Grepl 4fc70e
diff --git a/prelude.fc b/prelude.fc
Miroslav Grepl 4fc70e
index 8dbc763..b580f85 100644
Miroslav Grepl 4fc70e
--- a/prelude.fc
Miroslav Grepl 4fc70e
+++ b/prelude.fc
Miroslav Grepl 4fc70e
@@ -12,7 +12,7 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /usr/sbin/audisp-prelude	--	gen_context(system_u:object_r:prelude_audisp_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/share/prewikka/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_prewikka_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/prewikka/cgi-bin(/.*)?	gen_context(system_u:object_r:prewikka_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/lib/prelude-lml(/.*)?	gen_context(system_u:object_r:prelude_var_lib_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/prelude.te b/prelude.te
Miroslav Grepl 4fc70e
index 509fd0a..e1f4f70 100644
Miroslav Grepl 4fc70e
--- a/prelude.te
Miroslav Grepl 4fc70e
+++ b/prelude.te
Miroslav Grepl 4fc70e
@@ -265,27 +265,28 @@ optional_policy(`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	apache_content_alias_template(prewikka, prewikka)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	can_exec(httpd_prewikka_script_t, httpd_prewikka_script_exec_t)
Miroslav Grepl 4fc70e
+	can_exec(prewikka_script_t, prewikka_script_exec_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	files_search_tmp(httpd_prewikka_script_t)
Miroslav Grepl 4fc70e
+	files_search_tmp(prewikka_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	kernel_read_sysctl(httpd_prewikka_script_t)
Miroslav Grepl 4fc70e
-	kernel_search_network_sysctl(httpd_prewikka_script_t)
Miroslav Grepl 4fc70e
+	kernel_read_sysctl(prewikka_script_t)
Miroslav Grepl 4fc70e
+	kernel_search_network_sysctl(prewikka_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	auth_use_nsswitch(httpd_prewikka_script_t)
Miroslav Grepl 4fc70e
+	auth_use_nsswitch(prewikka_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	logging_send_syslog_msg(httpd_prewikka_script_t)
Miroslav Grepl 4fc70e
+	logging_send_syslog_msg(prewikka_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	apache_search_sys_content(httpd_prewikka_script_t)
Miroslav Grepl 4fc70e
+	apache_search_sys_content(prewikka_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		mysql_stream_connect(httpd_prewikka_script_t)
Miroslav Grepl 4fc70e
-		mysql_tcp_connect(httpd_prewikka_script_t)
Miroslav Grepl 4fc70e
+		mysql_stream_connect(prewikka_script_t)
Miroslav Grepl 4fc70e
+		mysql_tcp_connect(prewikka_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		postgresql_stream_connect(httpd_prewikka_script_t)
Miroslav Grepl 4fc70e
-		postgresql_tcp_connect(httpd_prewikka_script_t)
Miroslav Grepl 4fc70e
+		postgresql_stream_connect(prewikka_script_t)
Miroslav Grepl 4fc70e
+		postgresql_tcp_connect(prewikka_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/smokeping.fc b/smokeping.fc
Miroslav Grepl 4fc70e
index 3359819..a231ecb 100644
Miroslav Grepl 4fc70e
--- a/smokeping.fc
Miroslav Grepl 4fc70e
+++ b/smokeping.fc
Miroslav Grepl 4fc70e
@@ -2,7 +2,7 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /usr/sbin/smokeping	--	gen_context(system_u:object_r:smokeping_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/share/smokeping/cgi(/.*)?	gen_context(system_u:object_r:httpd_smokeping_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/smokeping/cgi(/.*)?	gen_context(system_u:object_r:smokeping_cgi_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/lib/smokeping(/.*)?	gen_context(system_u:object_r:smokeping_var_lib_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/smokeping.te b/smokeping.te
Miroslav Grepl 4fc70e
index ebf575f..26b6da1 100644
Miroslav Grepl 4fc70e
--- a/smokeping.te
Miroslav Grepl 4fc70e
+++ b/smokeping.te
Miroslav Grepl 4fc70e
@@ -58,19 +58,20 @@ netutils_domtrans_ping(smokeping_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	apache_content_alias_template(smokeping_cgi, smokeping_cgi)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	manage_dirs_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t)
Miroslav Grepl 4fc70e
-	manage_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t)
Miroslav Grepl 4fc70e
+	manage_dirs_pattern(smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t)
Miroslav Grepl 4fc70e
+	manage_files_pattern(smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	getattr_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_run_t, smokeping_var_run_t)
Miroslav Grepl 4fc70e
+	getattr_files_pattern(smokeping_cgi_script_t, smokeping_var_run_t, smokeping_var_run_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	files_read_etc_files(httpd_smokeping_cgi_script_t)
Miroslav Grepl 4fc70e
-	files_search_tmp(httpd_smokeping_cgi_script_t)
Miroslav Grepl 4fc70e
-	files_search_var_lib(httpd_smokeping_cgi_script_t)
Miroslav Grepl 4fc70e
+	files_read_etc_files(smokeping_cgi_script_t)
Miroslav Grepl 4fc70e
+	files_search_tmp(smokeping_cgi_script_t)
Miroslav Grepl 4fc70e
+	files_search_var_lib(smokeping_cgi_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	auth_read_passwd(httpd_smokeping_cgi_script_t)
Miroslav Grepl 4fc70e
+	auth_read_passwd(smokeping_cgi_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	sysnet_dns_name_resolve(httpd_smokeping_cgi_script_t)
Miroslav Grepl 4fc70e
+	sysnet_dns_name_resolve(smokeping_cgi_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	netutils_domtrans_ping(httpd_smokeping_cgi_script_t)
Miroslav Grepl 4fc70e
+	netutils_domtrans_ping(smokeping_cgi_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/squid.fc b/squid.fc
Miroslav Grepl 4fc70e
index ebbec17..5b066d3 100644
Miroslav Grepl 4fc70e
--- a/squid.fc
Miroslav Grepl 4fc70e
+++ b/squid.fc
Miroslav Grepl 4fc70e
@@ -2,14 +2,14 @@
Miroslav Grepl 4fc70e
 /etc/squid(/.*)?		gen_context(system_u:object_r:squid_conf_t,s0)
Miroslav Grepl 4fc70e
 /etc/lightsquid(/.*)?		gen_context(system_u:object_r:squid_conf_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/lib/squid/cachemgr\.cgi	--	gen_context(system_u:object_r:httpd_squid_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/squid/cachemgr\.cgi	--	gen_context(system_u:object_r:squid_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /usr/sbin/lightparser.pl --	gen_context(system_u:object_r:squid_cron_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /usr/sbin/squid	--	gen_context(system_u:object_r:squid_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /usr/share/squid(/.*)?	gen_context(system_u:object_r:squid_conf_t,s0)
Miroslav Grepl 4fc70e
-/usr/share/lightsquid/cgi(/.*)? gen_context(system_u:object_r:httpd_squid_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/lightsquid/cgi(/.*)? gen_context(system_u:object_r:squid_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/cache/squid(/.*)?	gen_context(system_u:object_r:squid_cache_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/squid.te b/squid.te
Miroslav Grepl 4fc70e
index 7cb8bec..4ade5f1 100644
Miroslav Grepl 4fc70e
--- a/squid.te
Miroslav Grepl 4fc70e
+++ b/squid.te
Miroslav Grepl 4fc70e
@@ -201,24 +201,25 @@ tunable_policy(`squid_use_tproxy',`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	apache_content_alias_template(squid, squid)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	allow httpd_squid_script_t self:tcp_socket create_socket_perms;
Miroslav Grepl 4fc70e
+	allow squid_script_t self:tcp_socket create_socket_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	corenet_all_recvfrom_unlabeled(httpd_squid_script_t)
Miroslav Grepl 4fc70e
-	corenet_all_recvfrom_netlabel(httpd_squid_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_sendrecv_generic_if(httpd_squid_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_sendrecv_generic_node(httpd_squid_script_t)
Miroslav Grepl 4fc70e
+	corenet_all_recvfrom_unlabeled(squid_script_t)
Miroslav Grepl 4fc70e
+	corenet_all_recvfrom_netlabel(squid_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_sendrecv_generic_if(squid_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_sendrecv_generic_node(squid_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	corenet_sendrecv_http_cache_client_packets(httpd_squid_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_connect_http_cache_port(httpd_squid_script_t)
Miroslav Grepl 4fc70e
-	corenet_tcp_sendrecv_http_cache_port(httpd_squid_script_t)
Miroslav Grepl 4fc70e
+	corenet_sendrecv_http_cache_client_packets(squid_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_connect_http_cache_port(squid_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_sendrecv_http_cache_port(squid_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	corenet_tcp_connect_squid_port(httpd_squid_script_t)
Miroslav Grepl 4fc70e
+	corenet_tcp_connect_squid_port(squid_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	sysnet_dns_name_resolve(httpd_squid_script_t)
Miroslav Grepl 4fc70e
+	sysnet_dns_name_resolve(squid_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-		squid_read_config(httpd_squid_script_t)
Miroslav Grepl 4fc70e
+		squid_read_config(squid_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/w3c.fc b/w3c.fc
Miroslav Grepl 4fc70e
index 463c799..227feaf 100644
Miroslav Grepl 4fc70e
--- a/w3c.fc
Miroslav Grepl 4fc70e
+++ b/w3c.fc
Miroslav Grepl 4fc70e
@@ -1,4 +1,4 @@
Miroslav Grepl 4fc70e
-/usr/lib/cgi-bin/check	--	gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/lib/cgi-bin/check	--	gen_context(system_u:object_r:w3c_validator_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/share/w3c-markup-validator(/.*)?	gen_context(system_u:object_r:httpd_w3c_validator_content_t,s0)
Miroslav Grepl 4fc70e
-/usr/share/w3c-markup-validator/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/w3c-markup-validator(/.*)?	gen_context(system_u:object_r:w3c_validator_content_t,s0)
Miroslav Grepl 4fc70e
+/usr/share/w3c-markup-validator/cgi-bin(/.*)?	gen_context(system_u:object_r:w3c_validator_script_exec_t,s0)
Miroslav Grepl 4fc70e
diff --git a/w3c.te b/w3c.te
Miroslav Grepl 4fc70e
index b14d6a9..ac1944e 100644
Miroslav Grepl 4fc70e
--- a/w3c.te
Miroslav Grepl 4fc70e
+++ b/w3c.te
Miroslav Grepl 4fc70e
@@ -6,29 +6,30 @@ policy_module(w3c, 1.1.0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+apache_content_alias_template(w3c_validator, w3c_validator)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 # Local policy
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/webalizer.fc b/webalizer.fc
Miroslav Grepl 4fc70e
index 64baf67..76c753b 100644
Miroslav Grepl 4fc70e
--- a/webalizer.fc
Miroslav Grepl 4fc70e
+++ b/webalizer.fc
Miroslav Grepl 4fc70e
@@ -6,4 +6,4 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/lib/webalizer(/.*)?	gen_context(system_u:object_r:webalizer_var_lib_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/var/www/usage(/.*)?	gen_context(system_u:object_r:httpd_webalizer_content_t,s0)
Miroslav Grepl 4fc70e
+/var/www/usage(/.*)?	gen_context(system_u:object_r:webalizer_rw_content_t,s0)
Miroslav Grepl 4fc70e
diff --git a/webalizer.te b/webalizer.te
Miroslav Grepl 4fc70e
index e0b1983..32cbf8c 100644
Miroslav Grepl 4fc70e
--- a/webalizer.te
Miroslav Grepl 4fc70e
+++ b/webalizer.te
Miroslav Grepl 4fc70e
@@ -83,9 +83,8 @@ userdom_dontaudit_search_user_home_content(webalizer_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	apache_content_alias_template(webalizer, webalizer)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	manage_dirs_pattern(webalizer_t, httpd_webalizer_content_t, httpd_webalizer_content_t)
Miroslav Grepl 4fc70e
-	manage_files_pattern(webalizer_t, httpd_webalizer_content_t, httpd_webalizer_content_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/zoneminder.fc b/zoneminder.fc
Miroslav Grepl 4fc70e
index 8c61505..ceaa219 100644
Miroslav Grepl 4fc70e
--- a/zoneminder.fc
Miroslav Grepl 4fc70e
+++ b/zoneminder.fc
Miroslav Grepl 4fc70e
@@ -4,7 +4,7 @@
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /usr/lib/systemd/system/zoneminder.* --  gen_context(system_u:object_r:zoneminder_unit_file_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-/usr/libexec/zoneminder/cgi-bin(/.*)? 	gen_context(system_u:object_r:httpd_zoneminder_script_exec_t,s0)
Miroslav Grepl 4fc70e
+/usr/libexec/zoneminder/cgi-bin(/.*)? 	gen_context(system_u:object_r:zoneminder_script_exec_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 /var/lib/zoneminder(/.*)?		gen_context(system_u:object_r:zoneminder_var_lib_t,s0)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
diff --git a/zoneminder.te b/zoneminder.te
Miroslav Grepl 4fc70e
index add28f7..b66e76d 100644
Miroslav Grepl 4fc70e
--- a/zoneminder.te
Miroslav Grepl 4fc70e
+++ b/zoneminder.te
Miroslav Grepl 4fc70e
@@ -164,24 +164,24 @@ optional_policy(`
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
+	apache_content_alias_template(zoneminder, zoneminder)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
 	# need more testing
Miroslav Grepl 4fc70e
-	#allow httpd_zoneminder_script_t self:shm create_shm_perms;
Miroslav Grepl 4fc70e
+	#allow zoneminder_script_t self:shm create_shm_perms;
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	manage_sock_files_pattern(httpd_zoneminder_script_t, zoneminder_var_lib_t, zoneminder_var_lib_t)
Miroslav Grepl 4fc70e
+	manage_sock_files_pattern(zoneminder_script_t, zoneminder_var_lib_t, zoneminder_var_lib_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-    rw_files_pattern(httpd_zoneminder_script_t, zoneminder_tmpfs_t, zoneminder_tmpfs_t)
Miroslav Grepl 4fc70e
+    rw_files_pattern(zoneminder_script_t, zoneminder_tmpfs_t, zoneminder_tmpfs_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	zoneminder_stream_connect(httpd_zoneminder_script_t)
Miroslav Grepl 4fc70e
+	zoneminder_stream_connect(zoneminder_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-    can_exec(zoneminder_t, httpd_zoneminder_script_exec_t)
Miroslav Grepl 4fc70e
+    can_exec(zoneminder_t, zoneminder_script_exec_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	files_search_var_lib(httpd_zoneminder_script_t)
Miroslav Grepl 4fc70e
+	files_search_var_lib(zoneminder_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	logging_send_syslog_msg(httpd_zoneminder_script_t)
Miroslav Grepl 4fc70e
+	logging_send_syslog_msg(zoneminder_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
-	    	mysql_stream_connect(httpd_zoneminder_script_t)
Miroslav Grepl 4fc70e
+	    	mysql_stream_connect(zoneminder_script_t)
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e
Miroslav Grepl 4fc70e