Summary: SELinux is preventing the 0logwatch from using potentially mislabeled files (/root). Detailed Description: [0logwatch has a permissive type (logwatch_t). This access was not denied.] SELinux has denied 0logwatch access to potentially mislabeled file(s) (/root). This means that SELinux will not allow 0logwatch to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access: If you want 0logwatch to access this files, you need to relabel them using restorecon -v '/root'. You might want to relabel the entire directory using restorecon -R -v '/root'. Additional Information: Source Context system_u:system_r:logwatch_t:s0-s0:c0.c1023 Target Context system_u:object_r:admin_home_t:s0 Target Objects /root [ dir ] Source 0logwatch Source Path /usr/bin/perl Port <Unknown> Host (removed) Source RPM Packages perl-5.10.0-74.fc10 Target RPM Packages filesystem-2.4.19-1.fc10 Policy RPM selinux-policy-3.5.13-74.fc10 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name home_tmp_bad_labels Host Name (removed) Platform Linux localhost.localdomain 2.6.27.41-170.2.117.fc10.i686 #1 SMP Thu Dec 10 11:00:29 EST 2009 i686 i686 Alert Count 1 First Seen Thu 28 Jan 2010 06:23:54 AM EST Last Seen Thu 28 Jan 2010 06:23:54 AM EST Local ID 12c7598d-3474-411e-9fb1-1db6bffff780 Line Numbers Raw Audit Messages node=localhost.localdomain type=AVC msg=audit(1264677834.343:89): avc: denied { read } for pid=4091 comm="0logwatch" path="/root" dev=dm-0 ino=131073 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir node=localhost.localdomain type=SYSCALL msg=audit(1264677834.343:89): arch=40000003 syscall=11 success=yes exit=0 a0=9308308 a1=93081e0 a2=9308038 a3=0 items=0 ppid=4050 pid=4091 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=12 comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.5.13-74.fc10,home_tmp_bad_labels,0logwatch,logwatch_t,admin_home_t,dir,read audit2allow suggests: #============= logwatch_t ============== allow logwatch_t admin_home_t:dir read;
For some reason you have logwatch attempting to list the contents of the /root directory. Did you modify the system to do this?
*** This bug has been marked as a duplicate of bug 538428 ***