Summary:

SELinux is preventing /usr/bin/webalizer "getattr" access on /usr/libexec/webmin/vsftpd/webalizer/xfer_log.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by webalizer. It is not expected that this access is required by webalizer and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:webalizer_t:s0-s0:c0.c1023
Target Context                system_u:object_r:bin_t:s0
Target Objects                /usr/libexec/webmin/vsftpd/webalizer/xfer_log [ file ]
Source                        webalizer
Source Path                   /usr/bin/webalizer
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           webalizer-2.21_02-3
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-33.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.33.6-147.fc13.x86_64 #1 SMP Tue Jul 6 22:32:17 UTC 2010 x86_64 x86_64
Alert Count                   3
First Seen                    Sat 17 Jul 2010 03:15:30 AM CDT
Last Seen                     Mon 19 Jul 2010 03:35:28 AM CDT
Local ID                      3cb4ea16-fd12-4b80-be7c-66aac2ee7ab5
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1279528528.476:57516): avc: denied { getattr } for pid=9149 comm="webalizer" path="/usr/libexec/webmin/vsftpd/webalizer/xfer_log" dev=dm-0 ino=4981569 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1279528528.476:57516): arch=c000003e syscall=5 success=yes exit=0 a0=4 a1=7fff95d82c80 a2=7fff95d82c80 a3=0 items=0 ppid=9147 pid=9149 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4277 comm="webalizer" exe="/usr/bin/webalizer" subj=system_u:system_r:webalizer_t:s0-s0:c0.c1023 key=(null)

Hash String generated from catchall,webalizer,webalizer_t,bin_t,file,getattr

audit2allow suggests:

#============= webalizer_t ==============
allow webalizer_t bin_t:file getattr;
Is /usr/libexec/webmin/vsftpd/webalizer/xfer_log a log file? Or is it a binary? Why is webalizer looking at this file?
chcon -t xferlog_t /usr/libexec/webmin/vsftpd/webalizer/xfer_log

If this is the same file as /var/log/xferlog, this will solve the problem.
This is a log file. The error message started after I installed the vsftpd administrator module for webmin. Your suggested fix solved the problem. Thanks.
Miroslav, I guess we have to add

/usr/libexec/webmin/vsftpd/webalizer/xfer_log -- gen_context(system_u:object_r:xferlog_t,s0)
Fixed in selinux-policy-3.7.19-38.fc13
selinux-policy-3.7.19-39.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-39.fc13
selinux-policy-3.7.19-39.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
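
The triage this thread walks through, as an added example (not part of the bug report or of selinux-policy): it parses the raw AVC record from the report, rebuilds the rule audit2allow suggested, and checks the target's label against a file-context table without and with the entry proposed in the thread. The two tables are constructed for illustration, and the longest-pattern lookup is a simplifying assumption about how SELinux orders file-context entries.

```python
import re

# Raw AVC record from the report above (node field omitted).
AVC = ('type=AVC msg=audit(1279528528.476:57516): avc: denied { getattr } for pid=9149 '
       'comm="webalizer" path="/usr/libexec/webmin/vsftpd/webalizer/xfer_log" dev=dm-0 '
       'ino=4981569 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:bin_t:s0 tclass=file')

# Constructed file-context tables for illustration (path regex -> type).
# BEFORE lacks the entry proposed in the thread; AFTER includes it.
BEFORE = {r'/usr/libexec(/.*)?': 'bin_t', r'/var/log/xferlog.*': 'xferlog_t'}
AFTER = {**BEFORE, r'/usr/libexec/webmin/vsftpd/webalizer/xfer_log': 'xferlog_t'}

def parse_avc(record):
    """Extract permissions, path, source/target types and class from an AVC line."""
    perms = re.search(r'\{ ([^}]+) \}', record).group(1).split()
    kv = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', record))
    return {'perms': perms,
            'path': kv['path'].strip('"'),
            'stype': kv['scontext'].split(':')[2],   # user:role:type:level
            'ttype': kv['tcontext'].split(':')[2],
            'tclass': kv['tclass']}

def expected_type(path, fcontexts):
    """Simplified lookup (assumption): the longest fully matching pattern wins."""
    hits = [(len(p), t) for p, t in fcontexts.items() if re.fullmatch(p, path)]
    return max(hits)[1] if hits else None

def triage(record, fcontexts):
    """Return (the allow rule audit2allow would emit, advice about the label)."""
    a = parse_avc(record)
    rule = 'allow %s %s:%s %s;' % (a['stype'], a['ttype'], a['tclass'],
                                   ' '.join(a['perms']))
    want = expected_type(a['path'], fcontexts)
    if want and want != a['ttype']:
        # The file's label disagrees with policy: fix the label, not the rule.
        advice = 'relabel %s to %s (restorecon)' % (a['path'], want)
    else:
        # Policy itself assigns this type: check whether that label is right
        # for the file before widening what the source domain may access.
        advice = 'policy labels %s as %s; review label before allowing' % (a['path'], want)
    return rule, advice

if __name__ == '__main__':
    for name, table in (('before', BEFORE), ('after', AFTER)):
        print(name, triage(AVC, table))
```

With the "before" table the log file inherits bin_t from the /usr/libexec pattern, which is why a manual chcon was needed until the policy update added the specific entry.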