Avc messages about awstats.pl and some mailmain commands
Stefan Schulze Frielinghaus
stefan at seekline.net
Tue Oct 30 12:42:50 UTC 2007
On Tue, 2007-10-30 at 14:31 +0200, Ali Nebi wrote:
> On Tue, 2007-10-30 at 12:24 +0000, Stefan Schulze Frielinghaus wrote:
> > On Tue, 2007-10-30 at 13:32 +0200, Ali Nebi wrote:
> > [...]
> > > Oct 21 20:56:58 casamerica kernel: audit(1192993018.053:2785): avc:
> > > denied { create } for pid=3721 comm="awstats.pl"
> > > scontext=user_u:system_r:httpd_sys_script_t:s0
> > > tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket
> > [...]
> > > What is the best decision to solve these audits? I'm trying to
> > > understand selinux principles and try to moving the server to enforce
> > > mode.
> >
> > You need a policy for Awstats. The latest refpolicy release
> > (http://oss.tresys.com/files/refpolicy/refpolicy-20070928.tar.bz2)
> > includes awstats. I guess Fedora 6 doesn't include the latest policy for
> > awstats.
> >
> > cheers,
> > Stefan
> >
>
> Perfect, thanks. I will install it. Yes, i checked for awstats, but i think it doesn't include the latest policy until now.
> Thanks again
Just wanted to mention: You don't need to install the whole refpolicy.
This would mean you substitute the selinux policy of fedora core 6
(which I wouldn't suggest). Just get the awstats.te, awstats.fc,
awstats.if files copy them to e.g. /root/selinux and install the
selinux-policy-devel rpm package. Build the awstats module and install
only this one.
cheers,
Stefan
More information about the fedora-selinux-list
mailing list