From Debian package 0.2.20091117-3 * Change the apache_content_template() macro to not define the type httpd_$1_script_exec_t, now the caller must unconditionally define it and can therefore use it in it's .fc file without making a .fc dependency.
Index: policy/modules/apps/awstats.te
===================================================================
--- policy/modules/apps/awstats.te.orig
+++ policy/modules/apps/awstats.te
@@ -17,6 +17,7 @@
 type awstats_var_lib_t;
 files_type(awstats_var_lib_t)
 
+apache_script_exec_domain(awstats)
 apache_content_template(awstats)
 
 ########################################
Index: policy/modules/services/apache.if
===================================================================
--- policy/modules/services/apache.if.orig
+++ policy/modules/services/apache.if
@@ -11,12 +11,29 @@
 ##
 ##
 #
+template(`apache_script_exec_domain',`
+ type httpd_$1_script_exec_t; # customizable;
+ fs_associate(httpd_$1_script_exec_t)
+')
+
+########################################
+##
+## Create a set of derived types for apache
+## web content.
+##
+##
+##
+## The prefix to be used for deriving type names.
+##
+##
+#
 template(`apache_content_template',`
 gen_require(`
 attribute httpdcontent;
 attribute httpd_exec_scripts;
 attribute httpd_script_exec_type;
 type httpd_t, httpd_suexec_t, httpd_log_t;
+ type httpd_$1_script_exec_t;
 ')
 # allow write access to public file transfer
 # services files.
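Review bot: The new apache_script_exec_domain template has no interface documentation of its own: it is inserted right after the `##`, `##`, `#` tail of the doc block that previously introduced apache_content_template, so the summary above it (which, judging by the copy re-added further down, reads "Create a set of derived types for apache web content") now describes the wrong template; that doc block starts outside the hunk. Give the new template its own summary in the same `##` format, stating that it declares `httpd_$1_script_exec_t` as a customizable type, that it must be called before apache_content_template() because that template now lists the type in its gen_require, and that it is meant to be called unconditionally so the type can be referenced from the caller's .fc file. The `# customizable;` remark on the type line can stay; the ordering contract belongs in the summary where interface readers look for it.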
@@ -37,7 +54,9 @@
 role system_r types httpd_$1_script_t;
 
 # This type is used for executable scripts files
- type httpd_$1_script_exec_t, httpd_script_exec_type; # customizable;
+ # must be defined by the caller
+ # type httpd_$1_script_exec_t, httpd_script_exec_type; # customizable;
+ typeattribute httpd_$1_script_exec_t httpd_script_exec_type;
 corecmd_shell_entry_type(httpd_$1_script_t)
 domain_entry_file(httpd_$1_script_t, httpd_$1_script_exec_t)
Index: policy/modules/services/apache.te
===================================================================
--- policy/modules/services/apache.te.orig
+++ policy/modules/services/apache.te
@@ -215,6 +215,7 @@
 files_tmp_file(httpd_suexec_tmp_t)
 
 # setup the system domain for system CGI scripts
+apache_script_exec_domain(sys)
 apache_content_template(sys)
 typealias httpd_sys_content_t alias ntop_http_content_t;
@@ -224,6 +225,7 @@
 type httpd_tmpfs_t;
 files_tmpfs_file(httpd_tmpfs_t)
 
+apache_script_exec_domain(user)
 apache_content_template(user)
 ubac_constrained(httpd_user_script_t)
 userdom_user_home_content(httpd_user_content_t)
Index: policy/modules/services/apcupsd.te
===================================================================
--- policy/modules/services/apcupsd.te.orig
+++ policy/modules/services/apcupsd.te
@@ -107,6 +107,7 @@
 # apcupsd_cgi Declarations
 #
 
+apache_script_exec_domain(apcupsd_cgi)
 optional_policy(`
 apache_content_template(apcupsd_cgi)
 
Index: policy/modules/services/cvs.te
===================================================================
--- policy/modules/services/cvs.te.orig
+++ policy/modules/services/cvs.te
@@ -106,6 +106,7 @@
 # CVSWeb policy
 #
 
+apache_script_exec_domain(cvs)
 optional_policy(`
 apache_content_template(cvs)
 
Index: policy/modules/services/git.te
===================================================================
--- policy/modules/services/git.te.orig
+++ policy/modules/services/git.te
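Review bot: The commented-out `# type httpd_$1_script_exec_t, httpd_script_exec_type; # customizable;` line kept beside the new typeattribute statement is dead text that will drift from the real declaration now living in apache_script_exec_domain, and the surviving context comment "This type is used for executable scripts files" now sits above an attribute assignment rather than a type. Replace the two added comment lines with one that names the source of the type, e.g. `# httpd_$1_script_exec_t is declared by apache_script_exec_domain(), which callers must invoke before this template` directly above `typeattribute httpd_$1_script_exec_t httpd_script_exec_type;`. It is worth saying in that comment that the gen_require added in the earlier hunk turns a forgotten call into a build-time error rather than a script type that silently lacks the attribute, since that is the property a policy author relies on. The template body continues outside the hunk.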
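Review bot: In apcupsd.te the new `apache_script_exec_domain(apcupsd_cgi)` call is placed outside the `optional_policy` block that wraps apache_content_template(apcupsd_cgi), so on a build without the apache module the type httpd_apcupsd_cgi_script_exec_t exists but never receives the httpd_script_exec_type attribute (that assignment is inside apache_content_template in this patch), and files the .fc labels with it are reachable by no domain visible here. That looks intended — the type must exist unconditionally for the .fc entry to be valid — and it fails closed, but a reader will wonder why the two calls are split; a comment such as `# declared outside optional_policy so the .fc entry for httpd_apcupsd_cgi_script_exec_t is always valid` above the call would settle it. The same applies to the cvs.te, munin.te, prelude.te and squid.te hunks, which follow the identical pattern.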
@@ -5,4 +5,5 @@
 # Declarations
 #
 
+apache_script_exec_domain(git)
 apache_content_template(git)
Index: policy/modules/services/munin.te
===================================================================
--- policy/modules/services/munin.te.orig
+++ policy/modules/services/munin.te
@@ -122,6 +122,7 @@
 userdom_dontaudit_use_unpriv_user_fds(munin_t)
 userdom_dontaudit_search_user_home_dirs(munin_t)
 
+apache_script_exec_domain(munin)
 optional_policy(`
 apache_content_template(munin)
 
Index: policy/modules/services/prelude.te
===================================================================
--- policy/modules/services/prelude.te.orig
+++ policy/modules/services/prelude.te
@@ -278,6 +278,7 @@
 # prewikka_cgi Declarations
 #
 
+apache_script_exec_domain(prewikka)
 optional_policy(`
 apache_content_template(prewikka)
 
Index: policy/modules/services/squid.te
===================================================================
--- policy/modules/services/squid.te.orig
+++ policy/modules/services/squid.te
@@ -177,6 +177,7 @@
 corenet_tcp_bind_netport_port(squid_t)
 ')
 
+apache_script_exec_domain(squid)
 optional_policy(`
 apache_content_template(squid)
 
Index: policy/modules/services/w3c.te
===================================================================
--- policy/modules/services/w3c.te.orig
+++ policy/modules/services/w3c.te
@@ -5,6 +5,7 @@
 # Declarations
 #
 
+apache_script_exec_domain(w3c_validator)
 apache_content_template(w3c_validator)
 
 ########################################