awstats AVC denial
Vadym Chepkov
chepkov at yahoo.com
Sat Feb 7 15:27:30 UTC 2009
audit2why says:
type=AVC msg=audit(1234014919.167:40376): avc: denied { read } for pid=32656 comm="awstats.pl" name="awstats" dev=sda1 ino=704533 scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
Was caused by:
Missing or disabled TE allow rule.
Allow rules may exist but be disabled by boolean settings; check boolean settings.
You can see the necessary allow rules by running audit2allow with this audit message as input.
type=AVC msg=audit(1234014919.167:40377): avc: denied { getattr } for pid=32656 comm="awstats.pl" path="/var/www/awstats/awstats022009.txt" dev=sda1 ino=706623 scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=user_u:object_r:httpd_sys_content_t:s0 tclass=file
Was caused by:
Missing or disabled TE allow rule.
Allow rules may exist but be disabled by boolean settings; check boolean settings.
You can see the necessary allow rules by running audit2allow with this audit message as input.
audit2allow suggests:
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t httpd_sys_content_t:dir read;
allow httpd_sys_script_t httpd_sys_content_t:file { read ioctl getattr };
Sincerely yours,
Vadym Chepkov
More information about the fedora-selinux-list
mailing list