On Tue, 2013-05-28 at 10:26 +0200, Geert Janssens wrote:
type=AVC msg=audit(1369468867.049:94733): avc: denied { search } for pid=7230 comm="awstats.pl" name="www" dev=xvda ino=5832775 scontext=system_u:system_r:awstats_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
Next I'm confused with the labels. The file is labeled system_u:object_r:httpd_log_t:s0, but the avc seems to complain about system_u:object_r:httpd_sys_content_t:s0
The awstats.pl command was trying to "traverse" the "(/var/)www" directory, which is labeled rightfully httpd_sys_content_t.
I can get all that information (and more) by analyzing the "type=AVC" line above.
Either you have "misconfigured" awstats (what business does awstats.pl have with webserver content?) or you need to adjust the policy to reflect your particular configuration