Bug 1001804
Summary: | SELinux is preventing /usr/bin/webalizer from 'write' accesses on the file /var/log/squid/usage/index.html. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Nivag <gavinflower> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 19 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:77c0578044b23af905ea82af3370fe0877ec7f1bfe47c0ba8f507b25d0c323b0 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-08-29 08:33:11 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Nivag
2013-08-27 19:38:58 UTC
What kind of logs does webalizer need to write to ? sesearch -A -s webalizer_t -c file -p write | grep open allow webalizer_t webalizer_tmp_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow webalizer_t webalizer_t : file { ioctl read write getattr lock append open } ; allow webalizer_t httpd_sys_content_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow webalizer_t anon_inodefs_t : file { ioctl read write getattr lock append open } ; allow webalizer_t webalizer_var_lib_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow webalizer_t httpd_webalizer_content_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; Currently it is allowed to write to webalizer_tmp_t webalizer_t httpd_sys_content_t anon_inodefs_t webalizer_var_lib_t httpd_webalizer_content_t Still the same issue with /var/log/squid. I see the correct path is /var/www/usage(/.*)? gen_context(system_u:object_r:httpd_webalizer_content_t,s0) I wrote additional comment in the second bug. |