awstats AVC denial

Vadym Chepkov chepkov at yahoo.com
Sat Feb 7 15:27:30 UTC 2009 

audit2why says:
type=AVC msg=audit(1234014919.167:40376): avc:  denied  { read } for  pid=32656 comm="awstats.pl" name="awstats" dev=sda1 ino=704533 scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
        Was caused by:
                Missing or disabled TE allow rule.
                Allow rules may exist but be disabled by boolean settings; check boolean settings.
                You can see the necessary allow rules by running audit2allow with this audit message as input.

type=AVC msg=audit(1234014919.167:40377): avc:  denied  { getattr } for  pid=32656 comm="awstats.pl" path="/var/www/awstats/awstats022009.txt" dev=sda1 ino=706623 scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=user_u:object_r:httpd_sys_content_t:s0 tclass=file
        Was caused by:
                Missing or disabled TE allow rule.
                Allow rules may exist but be disabled by boolean settings; check boolean settings.
                You can see the necessary allow rules by running audit2allow with this audit message as input.


audit2allow suggests:
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t httpd_sys_content_t:dir read;
allow httpd_sys_script_t httpd_sys_content_t:file { read ioctl getattr };


Sincerely yours,
  Vadym Chepkov

More information about the fedora-selinux-list mailing list