Description of problem:
Per default, I'm not able to access webalizer files via httpd - but shouldn't exactly this be the case? At least webalizer generates statistics from httpd log files... ;-)
Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.1.2-1
Actual results/Expected results:
I added the following rules solving this for my personal use, but maybe these could be added at upstream using a selinux boolean or similar?
    allow httpd_t webalizer_var_lib_t:dir { getattr read search };
    allow httpd_t webalizer_var_lib_t:file { getattr read };
From doing some testing on rawhide with the default configurations, I haven't been able to reproduce this problem. Webalizer can run from the command line or from cron, and apache can read its output successfully. Is this what you are trying to do, or something different?
Ush... I didn't recognize that the default webalizer output directory changed to /var/www/usage a very long time ago :( But when you're already talking about webalizer and cron, there I get the following AVC message:
type=AVC msg=audit(1132538702.239:278): avc: denied { search } for pid=15802 comm="webalizer" name="root" dev=cciss/c0d0p2 ino=327681 scontext=root:system_r:webalizer_t:s0-s0:c0.c255 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1132538702.239:278): arch=40000003 syscall=195 success=no exit=-2 a0=80606e6 a1=bf9f729c a2=25cff4 a3=bf9f729c items=1 pid=15802 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="webalizer" exe="/usr/bin/webalizer"
type=CWD msg=audit(1132538702.239:278): cwd="/root"
type=PATH msg=audit(1132538702.239:278): item=0 name="webalizer.conf" flags=101
Fixed in selinux-policy-2.1.6-19