Re: New selinux-policy breaks logwatch emails?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Kwan Lowe <kwan.lowe@xxxxxxxxx> wrote:

>>
Oh whew...From the other thread it looks like this bit a few people.
<<

Sorry - I came in late and missed the earlier discussion (so many emails to
skim, so little time . . . ).

Around October, a Centos 5.3 web server here also stopped updating
Webalizer stats. When I finally noticed, I discovered it was an issue with
SELinux denying access to the logs, and used audit2allow to update the
policy. If anyone else fell foul of this, I'm happy to send them the
policy.

Oh, wth - it's only two short files:

*** webalizerlocal.te:

module webalizerlocal 1.0;

require {
        type httpd_t;
        type home_root_t;
        class file { read getattr };
}

#============= httpd_t ==============
allow httpd_t home_root_t:file { read getattr };

*** webalizerlocal2.te:

module webalizerlocal2 1.0;

require {
        type home_root_t;
        type webalizer_t;
        class dir search;
}

#============= webalizer_t ==============
allow webalizer_t home_root_t:dir search;

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux