Hide Forgot
SELinux is preventing /usr/sbin/logrotate from 'read' accesses on the directory /var/stockmaniac/templates_cache. ***** Plugin catchall_labels (83.8 confidence) suggests ******************** If you want to allow logrotate to have read access on the templates_cache directory Then you need to change the label on /var/stockmaniac/templates_cache Do # semanage fcontext -a -t FILE_TYPE '/var/stockmaniac/templates_cache' where FILE_TYPE is one of the following: etc_t, named_cache_t, proc_t, acct_data_t, httpd_config_t, security_t, var_spool_t, munin_etc_t, var_lib_t, mysqld_etc_t, configfile, domain, abrt_var_cache_t, var_log_t, sysctl_crypto_t, net_conf_t, inotifyfs_t, abrt_t, lib_t, sysctl_kernel_t, root_t, usr_t, cert_type, mailman_log_t, device_t, logrotate_t, varnishlog_log_t, etc_t, var_lock_t, bin_t, tmp_t, usr_t, logrotate_var_lib_t, user_home_dir_t, logrotate_tmp_t, logfile, pidfile, device_t, devpts_t, var_run_t, locale_t, nscd_var_run_t. Then execute: restorecon -v '/var/stockmaniac/templates_cache' ***** Plugin catchall (17.1 confidence) suggests *************************** If you believe that logrotate should be allowed read access on the templates_cache directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep logrotate /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:logrotate_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_t:s0 Target Objects /var/stockmaniac/templates_cache [ dir ] Source logrotate Source Path /usr/sbin/logrotate Port <Unknown> Host (removed) Source RPM Packages logrotate-3.7.8-9.fc13 Target RPM Packages stockmaniac-gui-0.16.1-1.fc13 Policy RPM selinux-policy-3.7.19-80.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.34.7-66.fc13.i686 #1 SMP Wed Dec 15 07:40:25 UTC 2010 i686 i686 Alert Count 2 First Seen Sat 05 Mar 2011 03:16:12 AM EST Last Seen Sat 05 Mar 2011 03:16:12 AM EST Local ID 11b22fac-2b9d-4142-9752-10dca0944f10 Raw Audit Messages type=AVC msg=audit(1299312972.989:175501): avc: denied { read } for pid=11953 comm="logrotate" name="templates_cache" dev=dm-0 ino=1062733 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir type=SYSCALL msg=audit(1299312972.989:175501): arch=i386 syscall=open success=no exit=EACCES a0=bf8a7c70 a1=98800 a2=bf5ff4 a3=0 items=0 ppid=11951 pid=11953 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2253 comm=logrotate exe=/usr/sbin/logrotate subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) Hash: logrotate,logrotate_t,var_t,dir,read audit2allow #============= logrotate_t ============== allow logrotate_t var_t:dir read; audit2allow -R #============= logrotate_t ============== allow logrotate_t var_t:dir read;
Where does stockmaniac-gui come from? Also could you add output of # rpm -ql stockmaniac-gui
Looks like you need to label this var_log_t semanage fcontext -a -t var_log_t '/var/stockmaniac(/.*)?' restorecon -R -v /var/stockmaniac I would open a bug with stockmainiac and tell them to store their cache files in /var/cache and log files in /var/log