AWStats

[Mickey Hill]

Hi all,

I have installed awstats (an httpd log file analyzer) from Extras and am
having some SELinux issues.  I've gotten the same results on FC4 and
Rawhide, using current packages and unchanged config files.  Below are
the steps I went through to get it working.  Could someone more
knowledgeable provide some feedback on this, or point me in the right
direction?  Is there a better or more correct way to do this?  Is this
something that could or should be added to the policy?

/usr/share/awstats/wwwroot/cgi-bin/awstats.pl is run as a CGI script by
httpd, but is denied.

# ls -Z /usr/share/awstats/wwwroot/cgi-bin/
-rwxr-xr-x  root     root     system_u:object_r:usr_t
awredir.pl
-rwxr-xr-x  root     root     system_u:object_r:usr_t
awstats.pl

Changing the type gets the script running:

# chcon -t httpd_sys_script_exec_t /usr/share/awstats/wwwroot/cgi-bin/*
# ls -Z /usr/share/awstats/wwwroot/cgi-bin/
-rwxr-xr-x  root     root     system_u:object_r:httpd_sys_script_exec_t
awredir.pl
-rwxr-xr-x  root     root     system_u:object_r:httpd_sys_script_exec_t
awstats.pl

However, the script reports an error.

Error: AWStats database directory defined in config file by 'DirData'
parameter (/var/lib/awstats) does not exist or is not writable.

# ls -Z /var/lib
...
drwxr-xr-x  root     root     system_u:object_r:var_lib_t      awstats
...

Changing the type allows the script to run:

# chcon -t httpd_sys_script_rw_t /var/lib/awstats
# ls -Z /var/lib
...
drwxr-xr-x  root     root     system_u:object_r:httpd_sys_script_rw_t
awstats
...

Any thoughts?

Thanks,
-- 
Mickey Hill <mickey at mickeyhill.com>