On Tue, 2012-10-30 at 13:30 -0600, Dmitry Makovey wrote: > allow awstats_t httpd_log_t:file write; > > module into the setup. However given that we're dealing with "Standard > function" of AWStats it would be nice to wrap it in conditional and throw in > base policy. > > Which really raises a question: should base policies (and modules) cover all > aspects of "normal"/"legitimate" functionality of applications "out-of-the- > box" or shall we expect it to cover only a subset? Is it SELinux's group role > to suggest "insecure" practices that will not be covered by policies and > probably should be discouraged irregardless of SELinux state (on or off)? In my view ideally it should be transparent but in practice SELinux is also used to block "functionality" sometimes A boolean for the above should be fine in my view > -- > Dmitry Makovey > Web Systems Administrator > Athabasca University > (780) 675-6245 > --- > Confidence is what you have before you understand the problem > Woody Allen > > When in trouble when in doubt run in circles scream and shout > http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330 > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
