[CentOS] selinux allow apache log access

Wed Jun 17 20:11:40 UTC 2015
Daniel J Walsh <dwalsh at redhat.com>


On 06/17/2015 04:03 PM, Jonathan Billings wrote:
> On Wed, Jun 17, 2015 at 03:30:51PM -0400, Tim Dunphy wrote:
>> No prob! Thanks for all the help! But in searching my system I don't find
>> anything of the sort.
>>
>> [root@monitor2:~] #updatedb
>> [root@monitor2:~] #locate myzabbix.te
>> [root@monitor2:~] #find / -name "myzabbix.*"
>>
>> I also did search using 'yum provides' to find something similar. But
>> wasn't able to find anything.
> What we're asking for is the contents of the .te file that is created
> when you run audit2allow.
>
Go back to the original email and do what you were told.

# grep zabbix /var/log/audit/audit.log  | audit2allow -M myzabbix
# semodule -i myzabbix.pp

You did audit2allow -M zabbix

Which created zabbix.te and zabbix.pp, which is bad.  It will attempt to
replace the system module.

If you use myzabbix, it will add the allow rules.
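
Added example, not part of the original message: a guard that refuses to build a local policy module under a name that `semodule -l` already lists, which is the collision described above. The function names and the sample module list (including its version numbers) are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a proposed local module name against the installed
# module list before running audit2allow -M.

# module_name_taken NAME
# Reads `semodule -l` style output on stdin. Some releases print
# "name<TAB>version" and others print only "name", so compare the first
# field exactly; a substring grep would wrongly flag "myzabbix" for "zabbix".
module_name_taken() {
    awk -v want="$1" '$1 == want { found = 1 } END { exit (found ? 0 : 1) }'
}

# Constructed sample of `semodule -l` output, for offline checking.
SAMPLE_MODULES=$(printf 'apache\t2.7.2\nzabbix\t1.6.0\nzebra\t1.13.0')

# build_local_module NAME PATTERN
# Real workflow; needs root and the policycoreutils tools. A local module
# you installed earlier under NAME also counts as taken here.
build_local_module() {
    name=$1
    pattern=$2
    if semodule -l | module_name_taken "$name"; then
        echo "refusing: '$name' is already an installed module" >&2
        return 1
    fi
    grep "$pattern" /var/log/audit/audit.log | audit2allow -M "$name" || return 1
    # Read the generated rules before loading them.
    echo "review $name.te, then run: semodule -i $name.pp"
}

# Example call (as root): build_local_module myzabbix zabbix
```
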