On Mon, Oct 19, 2009 at 11:59:11PM -0500, Dennis Gilmore wrote:
On Monday 19 October 2009 09:55:50 pm Luke Macken wrote:
On Mon, Oct 19, 2009 at 08:06:08PM -0500, Dennis Gilmore wrote:
We notcied that there was no apache logging on cvs1. this is because the selinux policy was preventing apache from writing log files. For now i have set selinux to permissive mode until we can fix the policy correctly.
What were the specific SELinux denials?
I don't see any AVCs on cvs1, nor have I seen any since we flipped it to enforcing mode.
How did you come to this conclusion?
the bunch of httpd messages i got while tailing /var/log/audit/audit.log however looking at it now it doesnt seem related to logging. doing a graceful of httpd after setting enforcing to permissive enabled logs to work again.
If those messages don't say '{ denied }', then it's probably fine...
luke