Miroslav Grepl pise:
On 09/20/2012 04:50 PM, Zdenek Pytela wrote:
> Hello everybody,
>every night cron calls epylog and it launches links.
>links wants to create a temporary file links.tmp and write to ~/.links
>directory and to check bookmarks/history and other files.
>As epylog is run as root, admin_home is affected.
>If run from a cli, no alert is displayed.
>It is (probably) run from publishers.py at line 264:
>
>exitcode = os.system('%s -dump %s > %s 2>/dev/null'
> % (self.lynx, htmlfile, plainfile)
>
>As a2a recommends, it is easy to make a local policy file.
>
>#============= logwatch_t ==============
>#!!!! The source type 'logwatch_t' can write to a 'dir' of the
following types:
># logwatch_cache_t, logwatch_tmp_t
>
>allow logwatch_t admin_home_t:dir { write remove_name add_name setattr };
>#!!!! The source type 'logwatch_t' can write to a 'file' of the
following types:
># logwatch_lock_t, logwatch_var_run_t, logwatch_cache_t, logwatch_tmp_t
>
>allow logwatch_t admin_home_t:file { rename write read create unlink open };
>
>(and similar).
>This looks to me as too big unconfining.
>I think that relabeling of .elinks directory and its files are better solution.
>Maybe this is a job for transition which I am not still familiar with.
>But I am also surprised that this happen to nobody else, as most of the
>epylog.conf settings are default. All of my hosts have this bug-or-what-it-is.
>
>Thanks in advance,
>
What OS?
f16, f17
# rpm -q selinux-policy
selinux-policy-3.10.0-91.fc16
selinux-policy-devel-3.10.0-146.fc17
latest at that time
Is this
~/.links
default location?
Yes it is:
elinks(1)
...
ELINKS_CONFDIR
The location of the directory containing configuration files. If
not set the default is ~/.elinks/.
...
and other references in the FILES section.
It can be changed or switched off.
--
--Zdenek Pytela, <pytela(a)phil.muni.cz>