[CentOS] New selinux-policy breaks logwatch emails?

Sat Jan 9 02:44:23 UTC 2010
Les Bell <lesbell at lesbell.com.au>

Kwan Lowe <kwan.lowe at gmail.com> wrote:

>>
Oh whew...From the other thread it looks like this bit a few people.
<<

Sorry - I came in late and missed the earlier discussion (so many emails to
skim, so little time . . . ).

Around October, a CentOS 5.3 web server here also stopped updating
Webalizer stats. When I finally noticed, I discovered it was an issue with
SELinux denying access to the logs, and used audit2allow to update the
policy. If anyone else fell foul of this, I'm happy to send them the
policy.

Oh, wth - it's only two short files:

*** webalizerlocal.te:

module webalizerlocal 1.0;

require {
        type httpd_t;
        type home_root_t;
        class file { read getattr };
}

#============= httpd_t ==============
allow httpd_t home_root_t:file { read getattr };

*** webalizerlocal2.te:

module webalizerlocal2 1.0;

require {
        type home_root_t;
        type webalizer_t;
        class dir search;
}

#============= webalizer_t ==============
allow webalizer_t home_root_t:dir search;

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144