On Mon, Oct 19, 2009 at 11:59:11PM -0500, Dennis Gilmore wrote:
On Monday 19 October 2009 09:55:50 pm Luke Macken wrote:
> On Mon, Oct 19, 2009 at 08:06:08PM -0500, Dennis Gilmore wrote:
> > We notcied that there was no apache logging on cvs1. this is because the
> > selinux policy was preventing apache from writing log files. For now i
> > have set selinux to permissive mode until we can fix the policy
> > correctly.
>
> What were the specific SELinux denials?
>
> I don't see any AVCs on cvs1, nor have I seen any since we flipped it to
> enforcing mode.
>
> How did you come to this conclusion?
the bunch of httpd messages i got while tailing /var/log/audit/audit.log
however looking at it now it doesnt seem related to logging. doing a graceful
of httpd after setting enforcing to permissive enabled logs to work again.
If those messages don't say '{ denied }', then it's probably fine...
luke