I installed a new system, and saw that I was getting a set of selinux
messages everytime cron runs. It looks like it is this bug:
Bug 169434 Processed: selinux prevents webalizer running from cron
The message from audit2allow is
allow webalizer_t fs_t:filesystem getattr;
audit2why shows:
type=AVC msg=audit(1167649332.157:607): avc: denied { getattr } for
pid=2739 comm="webalizer" name="/" dev=dm-3 ino=2
scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
Was caused by:
Missing or disabled TE allow rule.
Allow rules may exist but be disabled by boolean
settings; check boolean settings.
You can see the necessary allow rules by running
audit2allow with this audit message as input.
type=AVC msg=audit(1167649332.273:608): avc: denied { getattr } for
pid=2737 comm="webalizer" name="/" dev=dm-3 ino=2
scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
Was caused by:
Missing or disabled TE allow rule.
Allow rules may exist but be disabled by boolean
settings; check boolean settings.
You can see the necessary allow rules by running
audit2allow with this audit message as input.
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
