View Issue Details

IDProjectCategoryView StatusLast Update
0014159CentOS-7selinux-policypublic2017-11-21 15:03
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0014159: SELinux is preventing /usr/bin/perl from 'unlink' accesses on the file /var/lib/awstats/awstats102017.openlap.txt.
DescriptionDescription of problem:
SELinux is preventing /usr/bin/perl from 'unlink' accesses on the file /var/lib/awstats/awstats102017.openlap.txt.

***** Plugin restorecon (94.8 confidence) suggests ************************

If you want to fix the label.
/var/lib/awstats/awstats102017.openlap.txt default label should be awstats_var_lib_t.
Then you can run restorecon.
# /sbin/restorecon -v /var/lib/awstats/awstats102017.openlap.txt

***** Plugin catchall_labels (5.21 confidence) suggests *******************

If you want to allow perl to have unlink access on the awstats102017.openlap.txt file
Then you need to change the label on /var/lib/awstats/awstats102017.openlap.txt
# semanage fcontext -a -t FILE_TYPE '/var/lib/awstats/awstats102017.openlap.txt'
where FILE_TYPE is one of the following: awstats_tmp_t, awstats_var_lib_t.
Then execute:
restorecon -v '/var/lib/awstats/awstats102017.openlap.txt'

***** Plugin catchall (1.44 confidence) suggests **************************

If you believe that perl should be allowed unlink access on the awstats102017.openlap.txt file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c '' --raw | audit2allow -M my-awstatspl
# semodule -i my-awstatspl.pp

Additional Information:
Source Context system_u:system_r:awstats_t:s0-s0:c0.c1023
Target Context system_u:object_r:var_lib_t:s0
Target Objects /var/lib/awstats/awstats102017.openlap.txt [ file
Source Path /usr/bin/perl
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-166.el7_4.5.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-514.26.2.el7.x86_64 #1 SMP
                              Tue Jul 4 15:04:05 UTC 2017 x86_64 x86_64
Alert Count 18
First Seen 2017-11-21 08:01:02 IST
Last Seen 2017-11-21 19:01:01 IST
Local ID e84c42c4-2f5b-411c-af6e-a5d78d3443bc

Raw Audit Messages
type=AVC msg=audit(1511271061.529:121729): avc: denied { unlink } for pid=28415 comm="" name="awstats102017.openlap.txt" dev="dm-0" ino=33621938 scontext=system_u:system_r:awstats_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file


Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-514.26.2.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2017-11-21 15:04 rakesh4osdd New Issue