Awstats search access denied

Geert Janssens geert at kobaltwit.be
Tue May 28 08:26:23 UTC 2013 

Hi,

I have updated my Centos 6 installation a couple of days ago to include the most recent 
packages.

Since that moment my awstats cron job is not working anymore. This cron job reads apache 
log files and generates statistics for this.

Here is a sample of the avc I get:
----
time->Sat May 25 10:01:07 2013
type=PATH msg=audit(1369468867.049:94733): item=1 name=(null) inode=5832775 
dev=ca:00 mode=040755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:httpd_sys_content_t:s0
type=PATH msg=audit(1369468867.049:94733): item=0 
name="/var/www/hosting/iyoga.be/log/access_log"
type=CWD msg=audit(1369468867.049:94733):  cwd="/"
type=SYSCALL msg=audit(1369468867.049:94733): arch=c000003e syscall=2 success=no 
exit=-13 a0=2cc6490 a1=0 a2=1b6 a3=37b751dd40 items=2 ppid=7229 pid=7230 auid=0 
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2826 
comm="awstats.pl" exe="/usr/bin/perl" subj=system_u:system_r:awstats_t:s0-s0:c0.c1023 
key=(null)
type=AVC msg=audit(1369468867.049:94733): avc:  denied  { search } for  pid=7230 
comm="awstats.pl" name="www" dev=xvda ino=5832775 
scontext=system_u:system_r:awstats_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
----

In /var/log/messages the corresponding message is:
May 25 10:01:12 abmpub6 setroubleshoot: SELinux is preventing /usr/bin/perl from search 
access on the directory /var/www/hosting/iyoga.be/log/access_log. For complete SELinux 
messages.
run sealert -l cb05aa4b-3270-49e5-be6f-37c8a6cadc56

The first oddity to note is that /var/www/hosting/iyoga.be/log/access_log is not a directory, 
but a file.

Next I'm confused with the labels. The file is labeled system_u:object_r:httpd_log_t:s0, but the 
avc seems to complain about system_u:object_r:httpd_sys_content_t:s0

Currently installed packages:
selinux-policy-targeted-3.7.19-195.el6_4.5.noarch
awstats-7.0-3.el6.noarch

I have no idea what happens here, let alone how to fix it. Can anyone shed some more light 
on this ?

Thank you,

Geert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20130528/6388034b/attachment.html>

More information about the selinux mailing list