On Sun, 27 Jun 2004 21:33, Yuichi Nakamura <himainu-ynakam(a)miomio.jp> wrote:
I found that webalizer does not work from cron on FedoraCore2.
It seems that there is no policy for webalizer.
I wrote policy for webalizer.
I tested it from command line and cron.
Please use.
I think you should use etc_domain(webalizer) instead of defining
webalizer_conf_t and var_lib_domain(webalizer) instead of webalizer_write_t.
We could have /var/www/usage labelled as httpd_sys_content_t. That gives less
types (less pain) for no significant decrease in security. I should probably
make a similar change to calamaris_t.
For access to locale_t you want read_locale(webalizer_t).
As a general rule we don't want to allow any daemons access to the
administrator console if we can avoid it. I'm not sure what the best thing
to do for webalizer is in this regard.
I've made some minor changes, please check the attached files and tell me what
you think.
PS I've been running webalizer in logrotate_t domain for a couple of years.
This isn't ideal though as I needed to put some entries in custom.te for it -
not something I could distribute. Having a webalizer_t is a good
improvement.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page