# DESC webalizer - webalizer

#

# Author: Yuichi Nakamura (ynakam @ selinux.gr.jp)

#

# Depends: apache.te

application_domain(webalizer, `, nscd_client_domain')

# to use from cron

system_crond_entry(webalizer_exec_t,webalizer_t)

role system_r types webalizer_t;

##type definision

# type for usage file

type webalizer_usage_t,file_type,sysadmfile;

# type for /var/lib/webalizer

type webalizer_write_t,file_type,sysadmfile;

# type for webalizer.conf

etc_domain(webalizer)

#read apache log

allow webalizer_t var_log_t:dir r_dir_perms;

r_dir_file(webalizer_t, httpd_log_t)

ifdef(`ftpd.te', `

allow webalizer_t xferlog_t:file { getattr read };

')

#r/w /var/lib/webalizer

var_lib_domain(webalizer)

#read /var/www/usage

create_dir_file(webalizer_t, httpd_sys_content_t)

#read system files under /etc

allow webalizer_t { etc_t etc_runtime_t }:file { getattr read };

read_locale(webalizer_t)

# can use tmp file

tmp_domain(webalizer)

# can read /proc

read_sysctl(webalizer_t)

allow webalizer_t proc_t:dir search;

allow webalizer_t proc_t:file r_file_perms;

# network

can_network_server(webalizer_t)

#process communication inside webalizer itself

general_domain_access(webalizer_t)

allow webalizer_t self:capability dac_override;