[CentOS] selinux allow apache log access

Tue Jun 16 14:58:14 UTC 2015
Tim Dunphy <bluethundr at gmail.com>

Hey guys,.

 I have a centos 7 machine I'm using as a zabbix server. And I noticed that
apache won't start, with this complaint in the error log:

(13)Permission denied: AH00091: httpd: could not open error log file
/var/log/zabbix_error_log.
AH00015: Unable to open logs


I tried having a look at audit2allow and this is the response I get back:

[root at monitor2:/etc/httpd] #grep http /var/log/audit/audit.log | audit2allow


#============= httpd_t ==============
allow httpd_t zabbix_log_t:file open;

How can I turn that bit of information into a rule that allows apache
access to this zabbix log file?

I notice that if I disable selinux using setenfor 0, apache starts up
without complaint. But I would rather not leave it disabled.

Thanks,
Tim

-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B