[CentOS] selinux allow apache log access

Wed Jun 17 09:32:16 UTC 2015
Harold Toms <h.toms at qmul.ac.uk>

Try something like:

grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix
semodule -i zabbix.pp

On 16/06/15 15:58, Tim Dunphy wrote:
> Hey guys,.
>   I have a centos 7 machine I'm using as a zabbix server. And I noticed that
> apache won't start, with this complaint in the error log:
> (13)Permission denied: AH00091: httpd: could not open error log file
> /var/log/zabbix_error_log.
> AH00015: Unable to open logs
> I tried having a look at audit2allow and this is the response I get back:
> [root at monitor2:/etc/httpd] #grep http /var/log/audit/audit.log | audit2allow
> #============= httpd_t ==============
> allow httpd_t zabbix_log_t:file open;
> How can I turn that bit of information into a rule that allows apache
> access to this zabbix log file?
> I notice that if I disable selinux using setenfor 0, apache starts up
> without complaint. But I would rather not leave it disabled.
> Thanks,
> Tim


Harold Toms
"Priestley's works... tended to unsettle every thing, and yet settled 
- Samuel Johnson.