Try something like: grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix semodule -i zabbix.pp On 16/06/15 15:58, Tim Dunphy wrote: > Hey guys,. > > I have a centos 7 machine I'm using as a zabbix server. And I noticed that > apache won't start, with this complaint in the error log: > > (13)Permission denied: AH00091: httpd: could not open error log file > /var/log/zabbix_error_log. > AH00015: Unable to open logs > > > I tried having a look at audit2allow and this is the response I get back: > > [root at monitor2:/etc/httpd] #grep http /var/log/audit/audit.log | audit2allow > > > #============= httpd_t ============== > allow httpd_t zabbix_log_t:file open; > > How can I turn that bit of information into a rule that allows apache > access to this zabbix log file? > > I notice that if I disable selinux using setenfor 0, apache starts up > without complaint. But I would rather not leave it disabled. > > Thanks, > Tim > -- regards Harold Toms http://iodine.chem.qmul.ac.uk "Priestley's works... tended to unsettle every thing, and yet settled nothing." - Samuel Johnson.