Bug 175482 - httpd isn't allowed to access webalizer files
httpd isn't allowed to access webalizer files
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2005-12-11 13:31 EST by Robert Scheck
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-01-02 12:26:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Robert Scheck 2005-12-11 13:31:32 EST
Description of problem:
Per default, I'm not able to access webalizer files via httpd - but shouldn't be 
exactly this the case? At least webalizer generates statistics from httpd log 
files... ;-) 

Version-Release number of selected component (if applicable):

Actual results/Expected results:
I added the following rules solving this for my personal use, but maybe these 
could be added at upstream using a selinux boolean or similar?

allow httpd_t webalizer_var_lib_t:dir { getattr read search };
allow httpd_t webalizer_var_lib_t:file { getattr read };
Comment 1 Chris PeBenito 2005-12-13 10:54:10 EST
From doing some testing on rawhide with the default configurations, I haven't
been able to reproduce this problem.  Webalizer can run from the command line or
from cron, and apache can read its output successfully.  Is this what you are
trying to do, or somthing different?
Comment 2 Robert Scheck 2005-12-13 18:25:28 EST
Ush...I didn't recognize, that the default webalizer output directory changed to 
/var/www/usage very long time ago :(

But when you're already talking about webalizer and cron, there I get the 
following AVC message:

type=AVC msg=audit(1132538702.239:278): avc:  denied  { search } for  pid=15802 
comm="webalizer" name="root" dev=cciss/c0d0p2 ino=327681 scontext=root:system_r:
webalizer_t:s0-s0:c0.c255 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1132538702.239:278): arch=40000003 syscall=195 success=no 
exit=-2 a0=80606e6 a1=bf9f729c a2=25cff4 a3=bf9f729c items=1 pid=15802 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
comm="webalizer" exe="/usr/bin/webalizer"
type=CWD msg=audit(1132538702.239:278):  cwd="/root"
type=PATH msg=audit(1132538702.239:278): item=0 name="webalizer.conf" flags=101
Comment 3 Daniel Walsh 2006-01-02 12:26:59 EST
Fixed in selinux-policy-2.1.6-19

Note You need to log in before you can comment on or make changes to this bug.