# DESC webalizer - webalizer
#
# Author: Yuichi Nakamura (ynakam @ selinux.gr.jp)
#
# Depends: apache.te

application_domain(webalizer, `, nscd_client_domain')
# to use from cron
system_crond_entry(webalizer_exec_t,webalizer_t)
role system_r types webalizer_t;

##type definision
# type for usage file
type webalizer_usage_t,file_type,sysadmfile;
# type for /var/lib/webalizer
type webalizer_write_t,file_type,sysadmfile;
# type for webalizer.conf
etc_domain(webalizer)

#read apache log
allow webalizer_t var_log_t:dir r_dir_perms;
r_dir_file(webalizer_t, httpd_log_t)
ifdef(`ftpd.te', `
allow webalizer_t xferlog_t:file { getattr read };
')

#r/w /var/lib/webalizer
var_lib_domain(webalizer)

#read /var/www/usage
create_dir_file(webalizer_t, httpd_sys_content_t)

#read system files under /etc
allow webalizer_t { etc_t etc_runtime_t }:file { getattr read };
read_locale(webalizer_t)

# can use tmp file
tmp_domain(webalizer)

# can read /proc
read_sysctl(webalizer_t)
allow webalizer_t proc_t:dir search;
allow webalizer_t proc_t:file r_file_perms;

# network
can_network_server(webalizer_t)

#process communication inside webalizer itself
general_domain_access(webalizer_t)

allow webalizer_t self:capability dac_override;