> Then we can go to:
> <...> avc: denied { write } for pid=5898 comm="LLAWP"
> path="/var/log/httpd/smagent.log" dev=sda3 ino=<whatever>
> scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_log_t:s0
> tclass=file
When selinux is configured for permissive mode, the action is
permitted, but selinux still logs a denial message -- if the mode is
set to "enforcing" then the action itself would be denied and a denial
message would be logged. Permissive mode shows you what things would
be denied, but doesn't actually deny them.
Basically, what's happening with your siteminder app is that the
selinux policy doesn't permit the source executable context to write
to the smagent.log file due to the file's context.
Check out http://www.linuxforums.org/articles/accomodating-avc-denied-messages-selinux_355.html
This explains how to decipher the denial message and how to use
audit2allow to specifically permit your application to write to the
appropriate log file.
HTH,
M