AWStats Update-now link has permissions issues
Dominick Grift
dominick.grift at gmail.com
Tue Oct 30 19:45:37 UTC 2012
On Tue, 2012-10-30 at 13:30 -0600, Dmitry Makovey wrote:
> allow awstats_t httpd_log_t:file write;
>
> module into the setup. However given that we're dealing with "Standard
> function" of AWStats it would be nice to wrap it in conditional and throw in
> base policy.
>
> Which really raises a question: should base policies (and modules) cover all
> aspects of "normal"/"legitimate" functionality of applications "out-of-the-
> box" or shall we expect it to cover only a subset? Is it SELinux's group role
> to suggest "insecure" practices that will not be covered by policies and
> probably should be discouraged irregardless of SELinux state (on or off)?
In my view ideally it should be transparent but in practice SELinux is
also used to block "functionality" sometimes
A boolean for the above should be fine in my view
> --
> Dmitry Makovey
> Web Systems Administrator
> Athabasca University
> (780) 675-6245
> ---
> Confidence is what you have before you understand the problem
> Woody Allen
>
> When in trouble when in doubt run in circles scream and shout
> http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330
>
>
More information about the selinux
mailing list