On 10/24/2012 11:20 AM, Dan Thurman wrote:
On 10/24/2012 07:49 AM, Dan Thurman wrote:
On 10/24/2012 06:30 AM, Daniel J Walsh wrote:
Are you seeing any AVC messages?
Yes. I thought I provided the AVC logs in the previous posting, unless there is something else you require.
Just in case you require the data from the audit logs directly. These AVC denials are generated only when the "Update now" link is clicked.
# ===============================================================
# The following is generated when awstats.pl tries to create a lock on /tmp/awstat.<MyDomain>.lock
# ONLY if the awstat config parameter EnableLockForUpdate=1 thus generates an AVC denial
# and blocks Awstats update:
type=AVC msg=audit(1351027118.095:3168): avc: denied { write } for pid=28438 comm="awstats.pl" name="tmp" dev=sda8 ino=1835010 scontext=unconfined_u:system_r:httpd_awstats_script_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
Thanks. Any reason this is creating the lock file in /tmp? It seems to be creating a guessable name, is this your local customization or the default?
# ===============================================================
# The following is generated when awstats.pl tries to access /var/log/access_log
# when EnableLockForUpdate=0 which means the lock code is bypassed but the
# next code step generates an AVC denial and blocks Awstats updates:
type=AVC msg=audit(1351022397.831:2991): avc: denied { read } for pid=20931 comm="awstats.pl" name="access_log" dev=sda8 ino=6211707 scontext=unconfined_u:system_r:httpd_awstats_script_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=file
# ===============================================================
Is awstats supposed to read the access_log?
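Added example, not part of the original thread: a short Python parser that reduces the two AVC records quoted above to source type, target type, object class and permission, and renders the allow rule each denial corresponds to so it can be reviewed against the questions in the reply rather than loaded as-is. The function names are illustrative assumptions, not from any SELinux tool.

```python
import re
from collections import defaultdict

# The two AVC records quoted in the message above.
SAMPLE = """\
type=AVC msg=audit(1351027118.095:3168): avc: denied { write } for pid=28438 comm="awstats.pl" name="tmp" dev=sda8 ino=1835010 scontext=unconfined_u:system_r:httpd_awstats_script_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1351022397.831:2991): avc: denied { read } for pid=20931 comm="awstats.pl" name="access_log" dev=sda8 ino=6211707 scontext=unconfined_u:system_r:httpd_awstats_script_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None  # truncated record
    s, t = rec['scontext'].split(':'), rec['tcontext'].split(':')
    if len(s) < 3 or len(t) < 3:
        return None  # malformed context
    # A context is user:role:type[:level]; policy rules are written on the type.
    rec['stype'], rec['ttype'] = s[2], t[2]
    rec['perms'] = m.group('perms').split()
    return rec

def summarize(text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {'perms': set(), 'names': set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            g = groups[(rec['stype'], rec['ttype'], rec['tclass'])]
            g['perms'].update(rec['perms'])
            g['names'].add(rec.get('name', '?'))
    return dict(groups)

def candidate_rules(groups):
    """Render each group as an allow rule for review, not for blind loading."""
    out = []
    for (s, t, c), g in sorted(groups.items()):
        perms = sorted(g['perms'])
        p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
        out.append(f'allow {s} {t}:{c} {p};')
    return out

if __name__ == '__main__':
    print('\n'.join(candidate_rules(summarize(SAMPLE))))
```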