Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 872542 - AWStats SELinux module lacks tunable for PurgeLogFile=1 setup
AWStats SELinux module lacks tunable for PurgeLogFile=1 setup
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy (Show other bugs)
6.4
All Linux
unspecified Severity unspecified
: rc
: ---
Assigned To: Miroslav Grepl
Milos Malik
:
Depends On: 872345
Blocks:
  Show dependency treegraph
 
Reported: 2012-11-02 07:43 EDT by Daniel Walsh
Modified: 2013-11-21 05:10 EST (History)
5 users (show)

See Also:
Fixed In Version: selinux-policy-3.7.19-210.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 872345
Environment:
Last Closed: 2013-11-21 05:10:29 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:1598 normal SHIPPED_LIVE selinux-policy bug fix and enhancement update 2013-11-20 16:39:24 EST

  None (edit)
Description Daniel Walsh 2012-11-02 07:43:12 EDT 
+++ This bug was initially created as a clone of Bug #872345 +++

Description of problem:

Currently if SELinux enabled on Fedora 16+ or RHEL6 and awstats installed (via EPEL for RHEL) - enabling "PurgeLogFile=1" option creates SELinux denials.

Version-Release number of selected component (if applicable):

RHEL:
awstats-7.0-2.el6.noarch
selinux-policy-3.7.19-155.el6_3.4.noarch
selinux-policy-targeted-3.7.19-155.el6_3.4.noarch

F16:
awstats-7.0-6.fc16.noarch
selinux-policy-3.10.0-91.fc16.noarch
selinux-policy-targeted-3.10.0-91.fc16.noarch

How reproducible:

always

Steps to Reproduce:
1. install Fedora/RHEL+EPEL
2. enable SELinux
3. install awstats
4. configure awstats to purge httpd log files:
PurgeLogFile=1
  
Actual results:

type=AVC msg=audit(1349467262.084:790): avc:  denied  { write } for  pid=7413 comm="awstats.pl" name="moodle22-access_log" dev=dm-6 ino=39 scontext=system_u:system_r:awstats_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:httpd_log_t:s0 tclass=file

and un-purged files.

Expected results:

files processed by awstats and logfiles purged after processing.

Additional info:

I have "fixed" it locally by building additional SELinux policy module:

module awstats-httpd-logs 1.1;

require {
        type httpd_log_t;
        type awstats_t;
        class file write;
}

#============= awstats_t ==============
allow awstats_t httpd_log_t:file write;

however I believe it should be part of base awstats module with a tunable boolean switching on/off behavior with default to "off".
Comment 2 RHEL Product and Program Management 2012-12-14 03:17:13 EST 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 3 Miroslav Grepl 2012-12-14 05:46:18 EST 
Moving it to RHEL6.5.
Comment 7 errata-xmlrpc 2013-11-21 05:10:29 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1598.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.