Description of problem: When webalizer is run as a cron job to analyze squid logs and generate the output in /var/www/usage, it does not work. If I change SELinux mode from enforcing to permissive, the cron job works as expected. type=AVC msg=audit(1512207246.463:220): avc: denied { write } for pid=1353 comm="webalizer" name="usage" dev="dm-0" ino=8464194 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:webalizer_rw_content_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1512207246.463:221): avc: denied { add_name } for pid=1353 comm="webalizer" name="daily_usage_201711.png" scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:webalizer_rw_content_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1512207246.464:222): avc: denied { create } for pid=1353 comm="webalizer" name="daily_usage_201711.png" scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:webalizer_rw_content_t:s0 tclass=file permissive=1 type=AVC msg=audit(1512207246.464:223): avc: denied { write open } for pid=1353 comm="webalizer" path="/var/www/usage/daily_usage_201711.png" dev="dm-0" ino=8646205 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:webalizer_rw_content_t:s0 tclass=file permissive=1 type=AVC msg=audit(1512207246.464:224): avc: denied { getattr } for pid=1353 comm="webalizer" path="/var/www/usage/daily_usage_201711.png" dev="dm-0" ino=8646205 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:webalizer_rw_content_t:s0 tclass=file permissive=1 type=AVC msg=audit(1512293042.049:277): avc: denied { getattr } for pid=2045 comm="webalizer" path="/var/www/usage/usage.png" dev="dm-0" ino=8666260 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:webalizer_rw_content_t:s0 tclass=file permissive=1 type=AVC msg=audit(1512293042.050:278): avc: denied { write } for pid=2045 comm="webalizer" name="usage.png" dev="dm-0" ino=8666260 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:webalizer_rw_content_t:s0 tclass=file permissive=1 type=AVC msg=audit(1512293042.050:279): avc: denied { open } for pid=2045 comm="webalizer" path="/var/www/usage/usage.png" dev="dm-0" ino=8666260 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:webalizer_rw_content_t:s0 tclass=file permissive=1 type=AVC msg=audit(1512379561.561:332): avc: denied { getattr } for pid=2775 comm="webalizer" path="/var/www/usage/usage.png" dev="dm-0" ino=8666260 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:webalizer_rw_content_t:s0 tclass=file permissive=1 type=AVC msg=audit(1512379561.561:333): avc: denied { write } for pid=2775 comm="webalizer" name="usage.png" dev="dm-0" ino=8666260 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:webalizer_rw_content_t:s0 tclass=file permissive=1 type=AVC msg=audit(1512379561.562:334): avc: denied { open } for pid=2775 comm="webalizer" path="/var/www/usage/usage.png" dev="dm-0" ino=8666260 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:webalizer_rw_content_t:s0 tclass=file permissive=1 Version-Release number of selected component (if applicable): Source RPM : webalizer-2.23_08-7.fc26.src.rpm Source RPM : selinux-policy-3.13.1-260.14.fc26.src.rpm Source RPM : squid-4.0.20-2.fc26.src.rpm Source RPM : httpd-2.4.29-1.fc26.src.rpm Source RPM : kernel-4.13.15-200.fc26.src.rpm How reproducible: 100% Steps to Reproduce: 1. Install and upgrade required packages with dnf: dnf upgrade dnf install squid dnf install webalizer 2. Configure services as needed (squid, httpd, webalizer) vi /etc/webalizer.conf #LogFile /var/log/httpd/access_log LogFile /var/log/squid/access.log LogType squid 3. Start and enable services systemctl start squid.service systemctl enable squid.service systemctl start httpd.service systemctl enable httpd.service 4. Enable webalizer in cron vi /etc/sysconfig/webalizer WEBALIZER_CRON=yes cat /etc/cron.daily/00webalizer #!/bin/bash NAME=webalizer [ -f /etc/sysconfig/$NAME ] || exit 0 source /etc/sysconfig/$NAME [ "z$WEBALIZER_CRON" != "zyes" ] && exit 0 exec /usr/bin/webalizer -Q Actual results: Failure to run by cron as noted above unless SELinux changed to permissive. Expected results: Should run as a cron job with SELinux mode is enforcing. Additional info: # ls -laZ /var/www drwxr-xr-x. 6 root root system_u:object_r:httpd_sys_content_t:s0 58 Nov 29 17:32 . drwxr-xr-x. 22 root root system_u:object_r:var_t:s0 4096 Nov 29 17:32 .. drwxr-xr-x. 2 root root system_u:object_r:httpd_sys_script_exec_t:s0 6 Oct 25 08:01 cgi-bin drwxr-xr-x. 2 root root system_u:object_r:httpd_sys_content_t:s0 6 Oct 25 08:01 html drwxr-xr-x. 2 root root system_u:object_r:httpd_sys_content_t:s0 171 Nov 29 17:32 mrtg drwxr-xr-x. 2 webalizer root system_u:object_r:webalizer_rw_content_t:s0 4096 Dec 2 03:34 usage # ls -laZ /var/www/usage drwxr-xr-x. 2 webalizer root system_u:object_r:webalizer_rw_content_t:s0 4096 Dec 2 03:34 . drwxr-xr-x. 6 root root system_u:object_r:httpd_sys_content_t:s0 58 Nov 29 17:32 .. -rw-r--r--. 1 root root system_u:object_r:webalizer_rw_content_t:s0 2322 Dec 2 03:34 ctry_usage_201711.png -rw-r--r--. 1 root root system_u:object_r:webalizer_rw_content_t:s0 2310 Dec 2 03:34 ctry_usage_201712.png -rw-r--r--. 1 root root system_u:object_r:webalizer_rw_content_t:s0 2590 Dec 2 03:34 daily_usage_201711.png -rw-r--r--. 1 root root system_u:object_r:webalizer_rw_content_t:s0 2577 Dec 2 03:34 daily_usage_201712.png -rw-r--r--. 1 root root system_u:object_r:webalizer_rw_content_t:s0 1741 Dec 2 03:34 hourly_usage_201711.png -rw-r--r--. 1 root root system_u:object_r:webalizer_rw_content_t:s0 1836 Dec 2 03:34 hourly_usage_201712.png -rw-r--r--. 1 root root system_u:object_r:webalizer_rw_content_t:s0 4244 Dec 4 03:26 index.html -rw-r--r--. 1 webalizer root system_u:object_r:webalizer_rw_content_t:s0 1478 Mar 21 2008 msfree.png -rw-r--r--. 1 root root system_u:object_r:webalizer_rw_content_t:s0 48237 Dec 2 03:34 usage_201711.html -rw-r--r--. 1 root root system_u:object_r:webalizer_rw_content_t:s0 49800 Dec 2 03:34 usage_201712.html -rw-r--r--. 1 root root system_u:object_r:webalizer_rw_content_t:s0 2323 Dec 4 03:26 usage.png -rw-r--r--. 1 webalizer root system_u:object_r:webalizer_rw_content_t:s0 1253 Mar 21 2008 webalizer.png
*** This bug has been marked as a duplicate of bug 1382785 ***