Hi,
While playing with logwatch setup I've stepped on a small issue: when I try to use logwatch to output to file via:
logwatch > /var/lib/logwatch/all_reports.txt
I've got a denial whether I tag the above file with var_lib_t or cron_var_lib_t. I took a look at sesearch:
$ sesearch -A -s logwatch_exec_t
Found 7 semantic av rules:
   allow file_type tmp_t : filesystem associate ;
   allow file_type noxattrfs : filesystem associate ;
   allow file_type fs_t : filesystem associate ;
   allow file_type ramfs_t : filesystem associate ;
   allow file_type tmpfs_t : filesystem associate ;
   allow file_type hugetlbfs_t : filesystem associate ;
   allow logwatch_exec_t logwatch_exec_t : filesystem associate ;
Nothing indicates any way of making my setup work other than crafting a module, is that the answer?
On 10/21/2014 09:41 AM, Dmitry Makovey wrote:
> Hi,
> While playing with logwatch setup I've stepped on a small issue: when I try to use logwatch to output to file via:
> logwatch > /var/lib/logwatch/all_reports.txt
> I've got a denial whether I tag the above file with var_lib_t or cron_var_lib_t. I took a look at sesearch:
> $ sesearch -A -s logwatch_exec_t
> Found 7 semantic av rules:
>    allow file_type tmp_t : filesystem associate ;
>    allow file_type noxattrfs : filesystem associate ;
>    allow file_type fs_t : filesystem associate ;
>    allow file_type ramfs_t : filesystem associate ;
>    allow file_type tmpfs_t : filesystem associate ;
>    allow file_type hugetlbfs_t : filesystem associate ;
>    allow logwatch_exec_t logwatch_exec_t : filesystem associate ;
> Nothing indicates any way of making my setup work other than crafting a module, is that the answer?
I've pushed the issue slightly further by convincing logwatch to file into /var/lib/logwatch/all_reports.txt by default, but I'm also trying to use version control on that file to obtain day-to-day deltas and that is still producing a denial. What is the best way of approaching common cron issues like that?
On 10/21/2014 09:46 AM, Dmitry Makovey wrote:
> I've pushed the issue slightly further by convincing logwatch to file into /var/lib/logwatch/all_reports.txt by default, but I'm also trying to use version control on that file to obtain day-to-day deltas and that is still producing a denial. What is the best way of approaching common cron issues like that?
Face-palm moment here...
After convincing logwatch to log to a file, and doing all the version control operations from crontab, things seem to work as expected - no adjustment necessary.
selinux@lists.fedoraproject.org