On Tue, 2012-10-30 at 16:14 -0600, Dmitry Makovey wrote:
On October 30, 2012 20:45:37 Dominick Grift wrote:
> On Tue, 2012-10-30 at 13:30 -0600, Dmitry Makovey wrote:
>
>
> > allow awstats_t httpd_log_t:file write;
> >
> > module into the setup. However given that we're dealing with "Standard
> > function" of AWStats it would be nice to wrap it in conditional and throw
> > in base policy.
> >
> > Which really raises a question: should base policies (and modules) cover
> > all aspects of "normal"/"legitimate" functionality of
applications
> > "out-of-the- box" or shall we expect it to cover only a subset? Is
it
> > SELinux's group role to suggest "insecure" practices that will
not be
> > covered by policies and probably should be discouraged irregardless of
> > SELinux state (on or off)?
>
> In my view ideally it should be transparent but in practice SELinux is
> also used to block "functionality" sometimes
>
> A boolean for the above should be fine in my view
should I drop request in RH bugzilla?
If you want that feature to be available to the public then sure. It
can't hurt to ask for a feature
--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
Woody Allen
When in trouble when in doubt run in circles scream and shout
http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330