Bug 213478 – webalizer: Error: Can't change directory to /var/www/usage

Bug 213478 - webalizer: Error: Can't change directory to /var/www/usage

Summary:	webalizer: Error: Can't change directory to /var/www/usage

Status:	CLOSED NOTABUG

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted (Show other bugs)
Sub Component:
Version:	6
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2006-11-01 12:07 EST by Mace Moneta
Modified:	2007-11-30 17:11 EST (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2006-11-17 14:38:12 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Mace Moneta 2006-11-01 12:07:22 EST

Description of problem:

Webalizer fails with the error:

Error: Can't change directory to /var/www/usage

An strace shows:

chdir("/var/www/usage")                 = -1 EACCES (Permission denied)

The directory and its context appear correct:

# ls -ldZ /var/www/usage/
drwxr-xr-x  webalizer root system_u:object_r:httpd_sys_content_t /var/www/usage

No audits are issued when the failure occurs, however, setting selinux to
permissive mode allows webalizer to run successfully.  

Version-Release number of selected component (if applicable):

webalizer-2.01_10-30.1

How reproducible:

Always

Steps to Reproduce:
1. Run /usr/bin/webalizer
2. Confirm error
3. setenforce 0
4. Run /usr/bin/webalizer
5. Confirm success

Actual results:

Error: Can't change directory to /var/www/usage

Expected results:

No error

Additional info:

Comment 1 Daniel Walsh 2006-11-15 08:41:51 EST

Did you look in /var/log/audit/audit.log for messages?

Comment 2 Mace Moneta 2006-11-15 09:36:30 EST

I didn't have audit installed at the time, so there was no audit.log (see bug
#212750).  Without it, 'audit2allow -l -a' showed no AVC messages.  After audit
was installed, the problem became apparent.

This bug and #212750 have the same cause; the audit package not being installed
by default in FC6.

Comment 3 Daniel Walsh 2006-11-15 10:19:09 EST

And the problem is?

Comment 4 Mace Moneta 2006-11-15 10:34:03 EST

I'm OK with it if you are.  I can manually install audit on my systems.

Comment 5 Daniel Walsh 2006-11-15 16:39:15 EST

I don't understand, why was webalizer failing.  Without audit installed the log
messages should go in /var/log/messages

Comment 6 Mace Moneta 2006-11-15 17:08:05 EST

That's the point; without audit, the reporting tools (like audit2allow) which
were installed didn't work, so there was no indication of the cause of the
failure.  Webalizer says "permission denied", the audit tools lie and say "no
AVC messages", and the files look like the permissions are OK.

Personally, I think audit should be installed by default, otherwise there's no
sense in having policycoreutils, since they provide misinformation (no audits).

Comment 7 Daniel Walsh 2006-11-15 17:41:57 EST

Could you attach /var/log/messages, the avc messages should have been there.
Avc messages are reported in /var/log/messages if the audit daemon is not
running.  audit2allow -a  is supposed to look there.

Comment 8 Mace Moneta 2006-11-17 14:38:12 EST

I can't recreate the problem (I even tried a new install on another machine),
and the original /var/log/messages has rotated out, so I'm assuming that it was
a file context error (user error) that has since been corrected.  Closing.

Note You need to log in before you can comment on or make changes to this bug.