Bug 213478 - webalizer: Error: Can't change directory to /var/www/usage
webalizer: Error: Can't change directory to /var/www/usage
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2006-11-01 12:07 EST by Mace Moneta
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-11-17 14:38:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mace Moneta 2006-11-01 12:07:22 EST
Description of problem:

Webalizer fails with the error:

Error: Can't change directory to /var/www/usage

An strace shows:

chdir("/var/www/usage")                 = -1 EACCES (Permission denied)

The directory and its context appear correct:

# ls -ldZ /var/www/usage/
drwxr-xr-x  webalizer root system_u:object_r:httpd_sys_content_t /var/www/usage

No audits are issued when the failure occurs, however, setting selinux to
permissive mode allows webalizer to run successfully.  

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Run /usr/bin/webalizer
2. Confirm error
3. setenforce 0
4. Run /usr/bin/webalizer
5. Confirm success

Actual results:

Error: Can't change directory to /var/www/usage

Expected results:

No error

Additional info:
Comment 1 Daniel Walsh 2006-11-15 08:41:51 EST
Did you look in /var/log/audit/audit.log for messages?
Comment 2 Mace Moneta 2006-11-15 09:36:30 EST
I didn't have audit installed at the time, so there was no audit.log (see bug
#212750).  Without it, 'audit2allow -l -a' showed no AVC messages.  After audit
was installed, the problem became apparent.

This bug and #212750 have the same cause; the audit package not being installed
by default in FC6.
Comment 3 Daniel Walsh 2006-11-15 10:19:09 EST
And the problem is?
Comment 4 Mace Moneta 2006-11-15 10:34:03 EST
I'm OK with it if you are.  I can manually install audit on my systems.
Comment 5 Daniel Walsh 2006-11-15 16:39:15 EST
I don't understand, why was webalizer failing.  Without audit installed the log
messages should go in /var/log/messages
Comment 6 Mace Moneta 2006-11-15 17:08:05 EST
That's the point; without audit, the reporting tools (like audit2allow) which
were installed didn't work, so there was no indication of the cause of the
failure.  Webalizer says "permission denied", the audit tools lie and say "no
AVC messages", and the files look like the permissions are OK.

Personally, I think audit should be installed by default, otherwise there's no
sense in having policycoreutils, since they provide misinformation (no audits).
Comment 7 Daniel Walsh 2006-11-15 17:41:57 EST
Could you attach /var/log/messages, the avc messages should have been there.
Avc messages are reported in /var/log/messages if the audit daemon is not
running.  audit2allow -a  is supposed to look there.
Comment 8 Mace Moneta 2006-11-17 14:38:12 EST
I can't recreate the problem (I even tried a new install on another machine),
and the original /var/log/messages has rotated out, so I'm assuming that it was
a file context error (user error) that has since been corrected.  Closing.

Note You need to log in before you can comment on or make changes to this bug.