Miroslav Grepl wrote:
> On 09/20/2012 04:50 PM, Zdenek Pytela wrote:
> > Hello everybody,
> > every night cron calls epylog and it launches links.
> > links wants to create a temporary file links.tmp and write to ~/.links
> > directory and to check bookmarks/history and other files.
> > As epylog is run as root, admin_home is affected.
> > If run from a cli, no alert is displayed.
> > It is (probably) run from publishers.py at line 264:
> >
> > exitcode = os.system('%s -dump %s > %s 2>/dev/null'
> >                      % (self.lynx, htmlfile, plainfile))
> >
> > As a2a recommends, it is easy to make a local policy file.
> >
> > #============= logwatch_t ==============
> > #!!!! The source type 'logwatch_t' can write to a 'dir' of the following types:
> > # logwatch_cache_t, logwatch_tmp_t
> >
> > allow logwatch_t admin_home_t:dir { write remove_name add_name setattr };
> > #!!!! The source type 'logwatch_t' can write to a 'file' of the following types:
> > # logwatch_lock_t, logwatch_var_run_t, logwatch_cache_t, logwatch_tmp_t
> >
> > allow logwatch_t admin_home_t:file { rename write read create unlink open };
> >
> > (and similar).
> > This looks to me as too big unconfining.
> > I think that relabeling the .elinks directory and its files is a better solution.
> > Maybe this is a job for a transition, which I am still not familiar with.
> > But I am also surprised that this happens to nobody else, as most of the
> > epylog.conf settings are default. All of my hosts have this bug-or-what-it-is.
> >
> > Thanks in advance,
> >
> What OS?

f16, f17

> # rpm -q selinux-policy

selinux-policy-3.10.0-91.fc16
selinux-policy-devel-3.10.0-146.fc17
latest at that time

> Is this
> > ~/.links
> default location?

Yes it is:

elinks(1)
...
ELINKS_CONFDIR
    The location of the directory containing configuration files. If not
    set the default is ~/.elinks/.
...

and other references in the FILES section. It can be changed or switched off.

-- 
--Zdenek Pytela, <pytela@xxxxxxxxxxxx>
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
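
Added example, not part of the original message or of any project's code: a small reviewer check that parses audit2allow-style output, such as the two rules quoted in the thread, and reports rules that would give a confined domain modify-class permissions on home directory types. The sets of sensitive target types and modify permissions are assumptions chosen for this illustration.

```python
import re

# Constructed input: the two allow rules quoted in the message above.
A2A_OUTPUT = """\
#============= logwatch_t ==============
allow logwatch_t admin_home_t:dir { write remove_name add_name setattr };
allow logwatch_t admin_home_t:file { rename write read create unlink open };
"""

# Assumptions for this example: which targets and permissions need review.
SENSITIVE_TARGETS = {"admin_home_t", "user_home_t", "user_home_dir_t"}
MODIFY_PERMS = {"write", "append", "create", "unlink", "rename",
                "setattr", "add_name", "remove_name"}

# Matches "allow SRC TGT:CLASS { perms };" or "allow SRC TGT:CLASS perm;".
# Comment lines (starting with '#') do not match. Braced class sets are
# not handled in this narrowed example.
RULE_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+?):(\S+)\s+(?:\{([^}]*)\}|(\S+?))\s*;", re.M)


def parse_allow_rules(text):
    """Return (source, target, class, set_of_permissions) per allow rule."""
    rules = []
    for m in RULE_RE.finditer(text):
        src, tgt, cls, braced, single = m.groups()
        rules.append((src, tgt, cls, set((braced or single).split())))
    return rules


def flag_broad_rules(text):
    """Return rules granting modify permissions on sensitive target types."""
    findings = []
    for src, tgt, cls, perms in parse_allow_rules(text):
        risky = perms & MODIFY_PERMS
        if tgt in SENSITIVE_TARGETS and risky:
            findings.append((src, tgt, cls, sorted(risky)))
    return findings


if __name__ == "__main__":
    for src, tgt, cls, risky in flag_broad_rules(A2A_OUTPUT):
        print(f"review: {src} -> {tgt}:{cls} grants {', '.join(risky)}")
```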