On Tue, 2013-05-28 at 10:26 +0200, Geert Janssens wrote:
> type=AVC msg=audit(1369468867.049:94733): avc: denied { search }
> for pid=7230
> comm="awstats.pl" name="www" dev=xvda ino=5832775
> scontext=system_u:system_r:awstats_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
>
> Next I'm confused with the labels. The file is labeled
> system_u:object_r:httpd_log_t:s0, but the
> avc seems to complain about system_u:object_r:httpd_sys_content_t:s0

The awstats.pl command was trying to "traverse" the "(/var/)www"
directory, which is labeled rightfully httpd_sys_content_t.
I can get all that information (and more) by analyzing the "type=AVC"
line above.
Either you have "misconfigured" awstats (what business does awstats.pl
have with webserver content?) or you need to adjust the policy to
reflect your particular configuration.
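
Added example, not part of the original message: a small Python parser that splits the AVC record quoted above into its fields. It shows that tcontext describes the object identified by name= and ino= (the "www" directory being searched), not the log file awstats was ultimately trying to reach. The function names are hypothetical.

```python
import re
import shlex

# The denial quoted in the message above, joined onto one line.
SAMPLE = (
    'type=AVC msg=audit(1369468867.049:94733): avc: denied { search } '
    'for pid=7230 comm="awstats.pl" name="www" dev=xvda ino=5832775 '
    'scontext=system_u:system_r:awstats_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir'
)

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$'
)

def split_context(ctx):
    """Split user:role:type[:level]; the MLS level may itself contain ':'."""
    parts = ctx.split(':', 3) + ['']  # pad so a context without a level still works
    return dict(zip(('user', 'role', 'type', 'level'), parts))

def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None if it is not an AVC."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # shlex strips the quotes from values such as comm="awstats.pl".
    tokens = shlex.split(m.group('rest'))
    rec = dict(tok.split('=', 1) for tok in tokens if '=' in tok)
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    rec['source'] = split_context(rec['scontext'])  # the process (subject)
    rec['target'] = split_context(rec['tcontext'])  # the object in name=/ino=
    return rec

def explain(rec):
    """Plain-language reading of one parsed denial."""
    obj = rec.get('name') or rec.get('path') or '?'
    return (f"{rec['comm']} (pid {rec['pid']}, domain {rec['source']['type']}) was "
            f"{rec['result']} {'/'.join(rec['perms'])} on {rec['tclass']} "
            f"\"{obj}\" (inode {rec.get('ino', '?')} on {rec.get('dev', '?')}), "
            f"which is labeled {rec['target']['type']}")

if __name__ == '__main__':
    print(explain(parse_avc(SAMPLE)))
```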