[CentOS] selinux allow apache log access

Wed Jun 17 15:29:51 UTC 2015
Tim Dunphy <bluethundr at gmail.com>

>
> That's because there's already a zabbix module loaded (the message isn't
> very informative!). I forgot that the received wisdom is to insert "my" in
> front of ones own modules i.e.:
> grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix
> semodule -i myzabbix.pp



Hmm no luck there either:

[root at monitor2:~] #semodule -i myzabbix.pp
*semodule:  Failed on myzabbix.pp!*

I also tried:

[root at monitor2:~] #semodule -i my_zabbix
semodule:  Failed on my_zabbix!

And

[root at monitor2:~] #semodule -i my-zabbix
semodule:  Failed on my-zabbix!

Just in case.. none of that worked.


Got any other ideas? :)

Tim


On Wed, Jun 17, 2015 at 11:24 AM, Harold Toms <h.toms at qmul.ac.uk> wrote:

> On 17/06/15 15:27, Tim Dunphy wrote:
>
>> Try something like:
>>> grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix
>>> semodule -i zabbix.pp
>>>
>>
>>
>> Thanks for your response! However this is what happens when I try to
>> install the module:
>>
>>   [root at monitor2:~] #semodule -i zabbix.pp
>> libsepol.print_missing_requirements: zabbix's global requirements were not
>> met: type/attribute zabbix_t (No such file or directory).
>> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
>> directory).
>> semodule:  Failed!
>>
>>
>> Any other thoughts?
>>
>> Thanks,
>> Tim
>>
>>
>>
> That's because there's already a zabbix module loaded (the message isn't
> very informative!). I forgot that the received wisdom is to insert "my" in
> front of ones own modules i.e.:
>
> grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix
> semodule -i myzabbix.pp
>
>
>
> --
> regards
>
> Harold Toms
> http://iodine.chem.qmul.ac.uk
> "Priestley's works... tended to unsettle every thing, and yet settled
> nothing."
> - Samuel Johnson.
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B