213478 – webalizer: Error: Can't change directory to /var/www/usage

Bug 213478 - webalizer: Error: Can't change directory to /var/www/usage

Summary: webalizer: Error: Can't change directory to /var/www/usage

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	6
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-11-01 17:07 UTC by Mace Moneta
Modified:	2007-11-30 22:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-11-17 19:38:12 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Mace Moneta 2006-11-01 17:07:22 UTC

Description of problem:

Webalizer fails with the error:

Error: Can't change directory to /var/www/usage

An strace shows:

chdir("/var/www/usage")                 = -1 EACCES (Permission denied)

The directory and its context appear correct:

# ls -ldZ /var/www/usage/
drwxr-xr-x  webalizer root system_u:object_r:httpd_sys_content_t /var/www/usage

No audits are issued when the failure occurs, however, setting selinux to
permissive mode allows webalizer to run successfully.  

Version-Release number of selected component (if applicable):

webalizer-2.01_10-30.1

How reproducible:

Always

Steps to Reproduce:
1. Run /usr/bin/webalizer
2. Confirm error
3. setenforce 0
4. Run /usr/bin/webalizer
5. Confirm success

Actual results:

Error: Can't change directory to /var/www/usage

Expected results:

No error

Additional info:

Comment 1 Daniel Walsh 2006-11-15 13:41:51 UTC

Did you look in /var/log/audit/audit.log for messages?

Comment 2 Mace Moneta 2006-11-15 14:36:30 UTC

I didn't have audit installed at the time, so there was no audit.log (see bug
#212750).  Without it, 'audit2allow -l -a' showed no AVC messages.  After audit
was installed, the problem became apparent.

This bug and #212750 have the same cause; the audit package not being installed
by default in FC6.

Comment 3 Daniel Walsh 2006-11-15 15:19:09 UTC

And the problem is?

Comment 4 Mace Moneta 2006-11-15 15:34:03 UTC

I'm OK with it if you are.  I can manually install audit on my systems.

Comment 5 Daniel Walsh 2006-11-15 21:39:15 UTC

I don't understand, why was webalizer failing.  Without audit installed the log
messages should go in /var/log/messages

Comment 6 Mace Moneta 2006-11-15 22:08:05 UTC

That's the point; without audit, the reporting tools (like audit2allow) which
were installed didn't work, so there was no indication of the cause of the
failure.  Webalizer says "permission denied", the audit tools lie and say "no
AVC messages", and the files look like the permissions are OK.

Personally, I think audit should be installed by default, otherwise there's no
sense in having policycoreutils, since they provide misinformation (no audits).

Comment 7 Daniel Walsh 2006-11-15 22:41:57 UTC

Could you attach /var/log/messages, the avc messages should have been there.
Avc messages are reported in /var/log/messages if the audit daemon is not
running.  audit2allow -a  is supposed to look there.

Comment 8 Mace Moneta 2006-11-17 19:38:12 UTC

I can't recreate the problem (I even tried a new install on another machine),
and the original /var/log/messages has rotated out, so I'm assuming that it was
a file context error (user error) that has since been corrected.  Closing.

Note You need to log in before you can comment on or make changes to this bug.