selinux-policy/targeted/domains/program/webalizer.te
2005-10-21 18:05:21 +00:00

52 lines
1.2 KiB
Plaintext

# DESC webalizer - webalizer
#
# Author: Yuichi Nakamura (ynakam @ selinux.gr.jp)
#
# Depends: apache.te
application_domain(webalizer, `, nscd_client_domain')
# to use from cron
system_crond_entry(webalizer_exec_t,webalizer_t)
role system_r types webalizer_t;
##type definision
# type for usage file
type webalizer_usage_t,file_type,sysadmfile;
# type for /var/lib/webalizer
type webalizer_write_t,file_type,sysadmfile;
# type for webalizer.conf
etc_domain(webalizer)
#read apache log
allow webalizer_t var_log_t:dir r_dir_perms;
r_dir_file(webalizer_t, httpd_log_t)
ifdef(`ftpd.te', `
allow webalizer_t xferlog_t:file { getattr read };
')
#r/w /var/lib/webalizer
var_lib_domain(webalizer)
#read /var/www/usage
create_dir_file(webalizer_t, httpd_sys_content_t)
#read system files under /etc
allow webalizer_t { etc_t etc_runtime_t }:file { getattr read };
read_locale(webalizer_t)
# can use tmp file
tmp_domain(webalizer)
# can read /proc
read_sysctl(webalizer_t)
allow webalizer_t proc_t:dir search;
allow webalizer_t proc_t:file r_file_perms;
# network
can_network_server(webalizer_t)
#process communication inside webalizer itself
general_domain_access(webalizer_t)
allow webalizer_t self:capability dac_override;