78 lines
1.6 KiB
Plaintext
78 lines
1.6 KiB
Plaintext
|
|
policy_module(awstats, 1.0.1)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type awstats_t;
|
|
type awstats_exec_t;
|
|
domain_type(awstats_t)
|
|
domain_entry_file(awstats_t, awstats_exec_t)
|
|
role system_r types awstats_t;
|
|
|
|
type awstats_tmp_t;
|
|
files_tmp_file(awstats_tmp_t)
|
|
|
|
type awstats_var_lib_t;
|
|
files_type(awstats_var_lib_t)
|
|
|
|
apache_content_template(awstats)
|
|
|
|
########################################
|
|
#
|
|
# awstats policy
|
|
#
|
|
|
|
awstats_rw_pipes(awstats_t)
|
|
awstats_cgi_exec(awstats_t)
|
|
|
|
manage_dirs_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t)
|
|
manage_files_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t)
|
|
files_tmp_filetrans(awstats_t, awstats_tmp_t, { dir file })
|
|
|
|
manage_files_pattern(awstats_t, awstats_var_lib_t, awstats_var_lib_t)
|
|
files_var_lib_filetrans(awstats_t, awstats_var_lib_t, file)
|
|
|
|
# dontaudit access to /proc/meminfo
|
|
kernel_dontaudit_read_system_state(awstats_t)
|
|
|
|
corecmd_exec_bin(awstats_t)
|
|
corecmd_exec_shell(awstats_t)
|
|
|
|
dev_read_urand(awstats_t)
|
|
|
|
files_read_etc_files(awstats_t)
|
|
# e.g. /usr/share/awstats/lang/awstats-en.txt
|
|
files_read_usr_files(awstats_t)
|
|
|
|
fs_list_inotifyfs(awstats_t)
|
|
|
|
libs_read_lib_files(awstats_t)
|
|
|
|
miscfiles_read_localization(awstats_t)
|
|
|
|
sysnet_dns_name_resolve(awstats_t)
|
|
|
|
apache_read_log(awstats_t)
|
|
|
|
optional_policy(`
|
|
cron_system_entry(awstats_t, awstats_exec_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
# dontaudit searching nscd pid directory
|
|
nscd_dontaudit_search_pid(awstats_t)
|
|
')
|
|
|
|
########################################
|
|
#
|
|
# awstats cgi script policy
|
|
#
|
|
|
|
allow httpd_awstats_script_t awstats_var_lib_t:dir list_dir_perms;
|
|
|
|
read_files_pattern(httpd_awstats_script_t, awstats_var_lib_t, awstats_var_lib_t)
|
|
files_search_var_lib(httpd_awstats_script_t)
|