On Tue, 2012-10-30 at 16:14 -0600, Dmitry Makovey wrote: > On October 30, 2012 20:45:37 Dominick Grift wrote: > > On Tue, 2012-10-30 at 13:30 -0600, Dmitry Makovey wrote: > > > > > > > allow awstats_t httpd_log_t:file write; > > > > > > module into the setup. However given that we're dealing with "Standard > > > function" of AWStats it would be nice to wrap it in conditional and throw > > > in base policy. > > > > > > Which really raises a question: should base policies (and modules) cover > > > all aspects of "normal"/"legitimate" functionality of applications > > > "out-of-the- box" or shall we expect it to cover only a subset? Is it > > > SELinux's group role to suggest "insecure" practices that will not be > > > covered by policies and probably should be discouraged irregardless of > > > SELinux state (on or off)? > > > > In my view ideally it should be transparent but in practice SELinux is > > also used to block "functionality" sometimes > > > > A boolean for the above should be fine in my view > > should I drop request in RH bugzilla? If you want that feature to be available to the public then sure. It can't hurt to ask for a feature > -- > Dmitry Makovey > Web Systems Administrator > Athabasca University > (780) 675-6245 > --- > Confidence is what you have before you understand the problem > Woody Allen > > When in trouble when in doubt run in circles scream and shout > http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330 > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
