[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

SELinux and awstats.pl



Hi, 

after installing and enabling SELinux awstats always report this error:

Error: AWStats database directory defined in config file by 'DirData' parameter (/var/lib/awstats) does not exist or is not writable.

By disabling SELinux using `setenforce 0` awstats "works" again.

Anyone facing the same problem? Any hints?

Here follows some relevant debugging infos:

# grep awstats  /var/log/audit/audit.log
type=AVC msg=audit(1387179027.001:4159): avc:  denied  { getattr } for  pid=7029 comm="awstats.pl" path="/var/lib/awstats" dev=dm-3 ino=23910 scontext=unconfined_u:system_r:httpd_sys_script_t:s0-s0:c0.c1023 tcontext=system_u:object_r:awstats_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1387179027.001:4159): arch=c000003e syscall=4 success=no exit=-13 a0=1588ee0 a1=1480138 a2=1480138 a3=0 items=0 ppid=3298 pid=7029 auid=0 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=2 comm="awstats.pl" exe="/usr/bin/perl" subj=unconfined_u:system_r:httpd_sys_script_t:s0-s0:c0.c1023 key=(null)



# grep awstats  /var/log/audit/audit.log  | audit2why
type=AVC msg=audit(1387179027.001:4159): avc:  denied  { getattr } for  pid=7029 comm="awstats.pl" path="/var/lib/awstats" dev=dm-3 ino=23910 scontext=unconfined_u:system_r:httpd_sys_script_t:s0-s0:c0.c1023 tcontext=system_u:object_r:awstats_var_lib_t:s0 tclass=dir

        Was caused by:
                Missing type enforcement (TE) allow rule.

                You can use audit2allow to generate a loadable module to allow this access.

regards
/raffaele

Reply to: