SELinux is preventing the httpd_sys_script_t domain from using /dev/log

Solution In Progress - Updated -

Issue

We are using a RewriteMap program for the Apache web server running under the httpd_sys_script_t domain:

RewriteMap token_authorization prg:/custom/bin/apache_token_authorization.sh

The script contains logger lines for logging activity. Unfortunately, SELinux prevents the httpd_sys_script_t domain from use the /dev/log socket:

type=AVC msg=audit(1385112405.781:1073570): avc: denied { write } for pid=347 comm="logger" name="log" dev=devtmpfs ino=106668 scontext=unconfined_u:system_r:httpd_sys_script_t:s0 tcontext=unconfined_u:object_r:devlog_t:s0 tclass=sock_file

Environment

  • Red Hat Enterprise Linux 6.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.