On 10/21/2014 09:41 AM, Dmitry Makovey wrote:
> Hi,
>
> While playing with logwatch setup I've stepped on a small issue: when I
> try to use logwatch to output to file via:
>
> logwatch > /var/lib/logwatch/all_reports.txt
>
> I've got deny whether I tag above file with var_lib_t or cron_var_lib_t
> . I took a look at sesearch:
>
> $ sesearch -A -s logwatch_exec_t
> Found 7 semantic av rules:
> allow file_type tmp_t : filesystem associate ;
> allow file_type noxattrfs : filesystem associate ;
> allow file_type fs_t : filesystem associate ;
> allow file_type ramfs_t : filesystem associate ;
> allow file_type tmpfs_t : filesystem associate ;
> allow file_type hugetlbfs_t : filesystem associate ;
> allow logwatch_exec_t logwatch_exec_t : filesystem associate ;
>
> Nothing indicates any way of making my setup work other than crafting a
> module, is that the answer?
I've pushed issue slightly further by convincing logwatch to file into
/var/lib/logwatch/all_reports.txt by default, but I'm also trying to use
version controll on that file to obtain day-to-day deltas and that is
still producing a denial. What is the best way of approaching common
cron issues like that?
--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
Woody Allen
When in trouble when in doubt run in circles scream and shout
http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
