[CentOS] selinux allow apache log access

Wed Jun 17 15:24:31 UTC 2015
Harold Toms <h.toms at qmul.ac.uk>

On 17/06/15 15:27, Tim Dunphy wrote:
>> Try something like:
>> grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix
>> semodule -i zabbix.pp
> Thanks for your response! However this is what happens when I try to
> install the module:
>   [root at monitor2:~] #semodule -i zabbix.pp
> libsepol.print_missing_requirements: zabbix's global requirements were not
> met: type/attribute zabbix_t (No such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
> directory).
> semodule:  Failed!
> Any other thoughts?
> Thanks,
> Tim

That's because there's already a zabbix module loaded (the message isn't 
very informative!). I forgot that the received wisdom is to insert "my" 
in front of ones own modules i.e.:

grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix
semodule -i myzabbix.pp


Harold Toms
"Priestley's works... tended to unsettle every thing, and yet settled nothing."
- Samuel Johnson.