Bug 380331 - logwatch "disk space" can't access all mounted filesystems
Summary: logwatch "disk space" can't access all mounted filesystems
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 8
Hardware: i386
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2007-11-13 16:27 UTC by Bernd Bartmann
Modified: 2007-12-08 12:34 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-12-08 12:34:59 UTC
Type: ---
Embargoed:


Attachments
testing script (4.96 KB, text/plain), 2007-11-16 11:49 UTC, Ivana Varekova
audit.log file (1006.10 KB, text/plain), 2007-11-20 18:29 UTC, Bernd Bartmann

Description Bernd Bartmann 2007-11-13 16:27:41 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.8) Gecko/20071030 Fedora/2.0.0.8-2.fc8 Firefox/2.0.0.8

Description of problem:
On my F8 system I get this message block in the emails from logwatch:

 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/sda5              14G  6.3G  7.0G  48% /
 /dev/sda1             981M   46M  886M   5% /boot
 df: `/usr/src/vmware': Permission denied
 
 df: `/usr/src/vmware': Permission denied
 
 ---------------------- Disk Space End ------------------------- 

So there is a problem getting the disk space information for /usr/src/vmware, but every local user should be able to access /usr/src/vmware:

[bart@riker ~]$ ls -l /usr/src/
insgesamt 32
drwxr-xr-x  4 root root 4096 12. Nov 15:58 kernels
drwxr-xr-x  3 root root 4096  9. Nov 20:47 local
drwxr-xr-x  7 root root 4096  9. Nov 21:22 redhat
drwxr-xr-x 12 bart bart 4096 15. Apr 2007  vmware



Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. no idea
2.
3.

Actual Results:


Expected Results:


Additional info:

Comment 1 Ivana Varekova 2007-11-15 14:49:16 UTC
Could you please attach here the result of command:
df -h -l -x tmpfs

Comment 2 Bernd Bartmann 2007-11-15 20:26:48 UTC
[root@riker ~]# df -h -l -x tmpfs
Dateisystem          Größe Benut  Verf Ben% Eingehängt auf
/dev/sda5              14G  6,3G  6,9G  48% /
/dev/sda1             981M   46M  886M   5% /boot
/dev/sda7              69G   51G   15G  78% /usr/src/vmware


Comment 3 Ivana Varekova 2007-11-16 11:49:33 UTC
Created attachment 261041 [details]
testing script

Could you please substitute your file
/usr/share/logwatch/scripts/services/zz-disk_space 
with attached one. And put here the output of command:
logwatch --print --service zz-disk_space.

Comment 4 Bernd Bartmann 2007-11-16 18:31:45 UTC
Looks much better with your new script:


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Fri Nov 16 19:31:08 2007
        Date Range Processed: yesterday
                              ( 2007-Nov-15 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: riker.ncc1701d
  ################################################################## 
 
 --------------------- Disk Space Begin ------------------------ 

 the used command is: df -h -l -x tmpfs
  
 Filesystem            Size  Used Avail Use% Mounted on
 /dev/sda5              14G  6.3G  6.9G  48% /
 /dev/sda1             981M   46M  886M   5% /boot
 /dev/sda7              69G   51G   15G  78% /usr/src/vmware
 
  finished 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 


Comment 5 Bernd Bartmann 2007-11-16 19:32:35 UTC
Hmm, running from anacron it still doesn't work: 

--------------------- Disk Space Begin ------------------------ 

 the used command is: df -h -l -x tmpfs
  
 Filesystem            Size  Used Avail Use% Mounted on
 /dev/sda5              14G  6.3G  6.9G  48% /
 /dev/sda1             981M   46M  886M   5% /boot
 df: `/usr/src/vmware': Permission denied
 
  finished 
 df: `/usr/src/vmware': Permission denied
 
 ---------------------- Disk Space End ------------------------- 

Comment 6 Marcela Mašláňová 2007-11-19 11:52:35 UTC
Hello,
do you have selinux targeted? Please try to run anacron with setenforce 0 and
let me know.
Regards,
Marcela (anacron maintainer)

Comment 7 Bernd Bartmann 2007-11-19 16:54:27 UTC
Yes, selinux targeted is set to enforcing mode by default. After setenforce 0
everything is ok:

--------------------- Disk Space Begin ------------------------ 

 the used command is: df -h -l -x tmpfs
  
 Filesystem            Size  Used Avail Use% Mounted on
 /dev/sda5              14G  6.3G  7.0G  48% /
 /dev/sda1             981M   46M  886M   5% /boot
 /dev/sda7              69G   51G   15G  78% /usr/src/vmware
 
  finished 
 
 ---------------------- Disk Space End ------------------------- 

I checked yesterday's logs, but there is no message from selinux indicating there
is a problem during the anacron run.

Comment 8 Ivana Varekova 2007-11-20 08:12:12 UTC
This seems to be a selinux-policy problem - reassigning to selinux.

Comment 9 Daniel Walsh 2007-11-20 11:47:42 UTC
Fixed in selinux-policy-3.0.8-59.fc8

If you execute 
# semodule -DB

You can get all of the AVC Messages that are being dontaudited.

You will probably see one about logwatch searching src_t.

# semodule -B 
Will turn off dontaudits again.

Comment 10 Bernd Bartmann 2007-11-20 17:27:52 UTC
Hmm, I ran 'semodule -DB' directly after power-on. This resulted in:


Nov 20 17:06:42 riker dbus: avc:  received policyload notice (seqno=3)
Nov 20 17:06:44 riker setroubleshoot: #012    SELinux hindert dbus-daemon
(system_dbusd_t) "name_bind" am Zugriff auf <Unknown> (hi_reserved_port_t).#012
    For complete SELinux messages. run sealert -l
f284566b-311b-422a-aa8a-4cf3f4a7502f
Nov 20 17:06:44 riker setroubleshoot: #012    SELinux hindert dbus-daemon
(system_dbusd_t) "name_bind" am Zugriff auf <Unknown> (hi_reserved_port_t).#012
    For complete SELinux messages. run sealert -l
f284566b-311b-422a-aa8a-4cf3f4a7502f
Nov 20 17:06:44 riker setroubleshoot: [program.ERROR] Can not handle AVC'S
related to dispatcher. exiting#012setroubleshoot
context=system_u:system_r:setroubleshootd_t:s0, AVC
scontext=system_u:system_r:setroubleshootd_t:s0
Nov 20 17:06:44 riker setroubleshoot: #012    SELinux hindert /bin/dbus-daemon
(system_dbusd_t) "name_bind" am Zugriff auf <Unknown> (hi_reserved_port_t).#012
    For complete SELinux messages. run sealert -l
f284566b-311b-422a-aa8a-4cf3f4a7502f

But I got no AVC message for logwatch. The disk space error is still there:

--------------------- Disk Space Begin ------------------------ 

 the used command is: df -h -l -x tmpfs
  
 Filesystem            Size  Used Avail Use% Mounted on
 /dev/sda5              14G  6.3G  7.0G  48% /
 /dev/sda1             981M   46M  886M   5% /boot
 df: `/usr/src/vmware': Permission denied
 
  finished 
 df: `/usr/src/vmware': Permission denied
 
 ---------------------- Disk Space End ------------------------- 

Do I have to update to selinux-policy-3.0.8-59.fc8 just to see the messages?


Comment 11 Daniel Walsh 2007-11-20 18:14:50 UTC
Nope, but could you look at /var/log/audit/audit.log? Setroubleshoot probably exited.


Comment 12 Bernd Bartmann 2007-11-20 18:29:46 UTC
Created attachment 265181 [details]
audit.log file

I've attached my audit.log file for inspection. I don't see anything relevant
there. Why aren't the timestamps stored in a readable format? It's hard to
search for specific entries at a certain time.

Comment 13 Daniel Walsh 2007-11-20 18:42:16 UTC
ausearch -m avc 

would extract all of the avc messages and format the time stamp.

type=AVC msg=audit(1195579341.191:244): avc:  denied  { search } for  pid=5327 comm="df" name="src" dev=sda5 ino=2192355 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:src_t:s0 tclass=dir

is causing the failure

allow logwatch_t src_t:dir search;

If you added this rule, it should begin to work

# grep src_t /var/log/audit/audit.log | audit2allow -M mylogwatch
# semodule -i mylogwatch.pp
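
Comments 9 and 13 describe the workflow behind this bug: turn dontaudit rules off with `semodule -DB` so the hidden denial shows up in audit.log, then read the raw AVC record (epoch timestamp, scontext, tcontext, tclass, permission) and turn it into the `allow` rule that audit2allow would produce. The script below is an added example, not part of the bug report and not code from Fedora, logwatch or the audit tools. It parses AVC records from audit.log text, decodes the epoch timestamp that comment 12 asked about, and prints the rule each denial asks for. The first sample record is the one quoted in comment 13; the SYSCALL line and the second AVC record are constructed for contrast. As the thread itself concludes, a locally generated module is a workaround for a missing rule in the distribution policy; the fix that actually shipped was the updated selinux-policy package.

```python
"""Parse SELinux AVC denial records and derive the allow rule each one asks for.

Added example: it mimics, in miniature, what `ausearch -m avc` (timestamp
decoding) and `audit2allow` (rule generation) do. It is not their code.
"""
import re
from datetime import datetime, timezone

# Constructed sample: line 1 is the record from comment 13; the SYSCALL line
# and the second AVC record are made up to show that the parser skips
# non-AVC records and handles a different target type and class.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1195579341.191:244): avc:  denied  { search } for  pid=5327 comm="df" name="src" dev=sda5 ino=2192355 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:src_t:s0 tclass=dir
type=SYSCALL msg=audit(1195579341.191:244): arch=40000003 syscall=5 success=no exit=-13
type=AVC msg=audit(1195579342.500:245): avc:  denied  { read } for  pid=5328 comm="df" name="mtab" dev=sda5 ino=1 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

# Header of an AVC record: type, audit(epoch.millis:serial), result, { perms }
AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<ts>\d+)\.\d+:(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{ (?P<perms>[^}]+?) \} for\s+'
    r'(?P<fields>.*)$'
)
# key=value pairs in the remainder; values may be quoted (comm="df")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def type_of(context):
    """Return the type component of a user:role:type[:level] context."""
    return context.split(':')[2]


def parse_avc_records(text):
    """Return a list of dicts, one per AVC record found in the audit text."""
    records = []
    for line in text.splitlines():
        m = AVC_RE.match(line)
        if not m:
            continue  # SYSCALL, PATH, CWD and other record types are ignored
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
        records.append({
            # audit(...) carries seconds since the epoch; decode to UTC
            'time': datetime.fromtimestamp(int(m.group('ts')), tz=timezone.utc),
            'serial': int(m.group('serial')),
            'result': m.group('result'),
            'perms': m.group('perms').split(),
            'comm': fields.get('comm'),
            'name': fields.get('name'),
            'source_type': type_of(fields['scontext']),
            'target_type': type_of(fields['tcontext']),
            'tclass': fields['tclass'],
        })
    return records


def allow_rule(rec):
    """Render the TE allow rule that would satisfy one denial record."""
    perms = rec['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {rec['source_type']} {rec['target_type']}:{rec['tclass']} {perm_str};"


def denials_by_domain(records):
    """Group the distinct rules needed per source domain, like audit2allow's summary."""
    grouped = {}
    for rec in records:
        if rec['result'] != 'denied':
            continue
        grouped.setdefault(rec['source_type'], set()).add(allow_rule(rec))
    return {domain: sorted(rules) for domain, rules in grouped.items()}


if __name__ == '__main__':
    recs = parse_avc_records(SAMPLE_AUDIT_LOG)
    for rec in recs:
        print(rec['time'].strftime('%Y-%m-%d %H:%M:%S UTC'), rec['comm'],
              rec['source_type'], '->', rec['target_type'], rec['tclass'], rec['perms'])
    for domain, rules in denials_by_domain(recs).items():
        print(domain)
        for rule in rules:
            print('   ', rule)
```

Run it as-is to see the comment 13 record decode to 2007-11-20 17:22:21 UTC and to `allow logwatch_t src_t:dir search;`, the same rule Daniel Walsh quotes. To use it on a real system, feed it the text of /var/log/audit/audit.log after `semodule -DB`, and remember to run `semodule -B` afterwards so dontaudit rules are restored.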

Comment 14 Bernd Bartmann 2007-11-20 18:55:42 UTC
Ok, then I'll just wait until selinux-policy-3.0.8-59.fc8 is available as an
update. I don't like creating special rules for my system. Everything should
just work with the default setup.

Comment 15 Bernd Bartmann 2007-12-08 12:34:59 UTC
I'm now on selinux-policy-targeted-3.0.8-62.fc8 and the problem is gone. Thanks!

