cron/anacron discrepancy in Centos 5?

Moray Henderson (ICT) Moray.Henderson at ict.om.org
Wed Apr 14 10:53:03 UTC 2010


After I do a fresh install of a (slightly customised) CentOS 5, a
logwatch run is kicked off by anacron.  It tries to run a directory size
scan, which generates a whole list of errors:

du: cannot read directory `/var/log/audit': Permission denied
du: cannot read directory `/var/log/pm': Permission denied
...
du: cannot access `/usr/lib/sa/sa2': Permission denied
du: cannot read directory `/usr/lib/httpd': Permission denied

with corresponding AVCs:

type=AVC msg=audit(1271158392.750:101): avc:  denied  { read } for
pid=3429 comm="du" name="audit" dev=dm-4 ino=418914
scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023
tcontext=system_u:object_r:auditd_log_t:s0 tclass=dir
type=AVC msg=audit(1271158392.845:102): avc:  denied  { read } for
pid=3429 comm="du" name="pm" dev=dm-4 ino=418940
scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023
tcontext=system_u:object_r:hald_log_t:s0 tclass=dir
...
type=AVC msg=audit(1271158414.619:266): avc:  denied  { getattr } for
pid=3432 comm="du" path="/usr/lib/sa/sa2" dev=dm-1 ino=457413
scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023
tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
type=AVC msg=audit(1271158414.648:267): avc:  denied  { read } for
pid=3432 comm="du" name="httpd" dev=dm-1 ino=422750
scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023
tcontext=system_u:object_r:httpd_modules_t:s0 tclass=dir

However, once the system has settled down and logwatch is being run by
cron, the errors no longer appear.  Both cron and anacron have the same
type:

-rwxr-xr-x  root root system_u:object_r:crond_exec_t   /usr/sbin/anacron
-rwxr-xr-x  root root system_u:object_r:crond_exec_t   /usr/sbin/crond

-rwxr-xr-x  root root system_u:object_r:logwatch_exec_t   /usr/share/logwatch/scripts/logwatch.pl

So why does it fail from one and work from the other?


Moray.
"To err is human.  To purr, feline"
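Added example (not part of the post above): a small parser for AVC records in the format quoted in the message, which groups denied permissions by source domain, target type and object class. That grouping is the first thing to compare between the anacron run and the later cron run when triaging a discrepancy like this one. The sample records are the post's own AVCs, reassembled onto one line each as auditd writes them (the mailer wrapped them); any other values are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the four AVC records quoted in the post, one per line.
SAMPLE_AVCS = """\
type=AVC msg=audit(1271158392.750:101): avc:  denied  { read } for pid=3429 comm="du" name="audit" dev=dm-4 ino=418914 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:auditd_log_t:s0 tclass=dir
type=AVC msg=audit(1271158392.845:102): avc:  denied  { read } for pid=3429 comm="du" name="pm" dev=dm-4 ino=418940 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hald_log_t:s0 tclass=dir
type=AVC msg=audit(1271158414.619:266): avc:  denied  { getattr } for pid=3432 comm="du" path="/usr/lib/sa/sa2" dev=dm-1 ino=457413 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
type=AVC msg=audit(1271158414.648:267): avc:  denied  { read } for pid=3432 comm="du" name="httpd" dev=dm-1 ino=422750 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_modules_t:s0 tclass=dir
"""

# Header of an AVC record: timestamp, serial, result and the permission set in braces.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$'
)
# key=value pairs after "for"; values may be quoted (comm="du") or bare (dev=dm-4).
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not an AVC record."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec = {
        "timestamp": float(m.group("ts")),
        "serial": int(m.group("serial")),
        "result": m.group("result"),
        "perms": m.group("perms").split(),
    }
    for key, val in KV_RE.findall(m.group("fields")):
        rec[key] = val.strip('"')
    # user:role:type[:range] -> the type is the third colon-separated component.
    rec["sdomain"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize_denials(text):
    """Group denied permissions by (source domain, target type, object class)."""
    summary = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            summary[(rec["sdomain"], rec["ttype"], rec["tclass"])].update(rec["perms"])
    return {key: sorted(perms) for key, perms in summary.items()}

if __name__ == "__main__":
    for (sdom, ttype, tclass), perms in sorted(summarize_denials(SAMPLE_AVCS).items()):
        print(f"{sdom} -> {ttype} ({tclass}): {' '.join(perms)}")
```

Feed it the AVCs from both runs (e.g. `ausearch -m AVC -c du`) and diff the two summaries; the anacron run here shows logwatch_t being denied read/getattr on several log and executable types.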
