On Tue, 2012-10-30 at 13:30 -0600, Dmitry Makovey wrote:
allow awstats_t httpd_log_t:file write;
module into the setup. However given that we're dealing with "Standard
function" of AWStats it would be nice to wrap it in conditional and throw in
base policy.
Which really raises a question: should base policies (and modules) cover all
aspects of "normal"/"legitimate" functionality of applications
"out-of-the-
box" or shall we expect it to cover only a subset? Is it SELinux's group role
to suggest "insecure" practices that will not be covered by policies and
probably should be discouraged irregardless of SELinux state (on or off)?
In my view ideally it should be transparent but in practice SELinux is
also used to block "functionality" sometimes
A boolean for the above should be fine in my view
--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
Woody Allen
When in trouble when in doubt run in circles scream and shout
http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330