Hi,
after installing and enabling SELinux awstats always report this error:
Error: AWStats database directory defined in config file by 'DirData'
parameter (/var/lib/awstats) does not exist or is not writable.
By disabling SELinux using `setenforce 0` awstats "works" again.
Anyone facing the same problem? Any hints?
Here follows some relevant debugging infos:
# grep awstats /var/log/audit/audit.log
type=AVC msg=audit(1387179027.001:4159): avc: denied { getattr } for
pid=7029 comm="awstats.pl" path="/var/lib/awstats" dev=dm-3 ino=23910
scontext=unconfined_u:system_r:httpd_sys_script_t:s0-s0:c0.c1023
tcontext=system_u:object_r:awstats_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1387179027.001:4159): arch=c000003e syscall=4
success=no exit=-13 a0=1588ee0 a1=1480138 a2=1480138 a3=0 items=0 ppid=3298
pid=7029 auid=0 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33
fsgid=33 tty=(none) ses=2 comm="awstats.pl" exe="/usr/bin/perl"
subj=unconfined_u:system_r:httpd_sys_script_t:s0-s0:c0.c1023 key=(null)
# grep awstats /var/log/audit/audit.log | audit2why
type=AVC msg=audit(1387179027.001:4159): avc: denied { getattr } for
pid=7029 comm="awstats.pl" path="/var/lib/awstats" dev=dm-3 ino=23910
scontext=unconfined_u:system_r:httpd_sys_script_t:s0-s0:c0.c1023
tcontext=system_u:object_r:awstats_var_lib_t:s0 tclass=dir
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to
allow this access.
regards
/raffaele
