Description of problem: After an update via yum. SELinux is preventing zmc from 'write' accesses on the file /var/log/zoneminder/zmc_m1.log. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that zmc should be allowed write access on the zmc_m1.log file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep zmc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:httpd_t:s0 Target Context unconfined_u:object_r:zoneminder_log_t:s0 Target Objects /var/log/zoneminder/zmc_m1.log [ file ] Source zmc Source Path zmc Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.12.1-69.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.10.4-300.fc19.x86_64 #1 SMP Tue Jul 30 11:29:05 UTC 2013 x86_64 x86_64 Alert Count 4 First Seen 2013-08-10 16:04:14 PDT Last Seen 2013-08-10 16:15:59 PDT Local ID bb5a495b-e7ff-4097-b0c9-429a1306e913 Raw Audit Messages type=AVC msg=audit(1376176559.620:14824): avc: denied { write } for pid=26206 comm="zmc" name="zmc_m1.log" dev="dm-0" ino=1969504 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:zoneminder_log_t:s0 tclass=file type=AVC msg=audit(1376176559.620:14824): avc: denied { open } for pid=26206 comm="zmc" path="/var/log/zoneminder/zmc_m1.log" dev="dm-0" ino=1969504 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:zoneminder_log_t:s0 tclass=file type=SYSCALL msg=audit(1376176559.620:14824): arch=x86_64 syscall=open success=yes exit=ENOENT a0=7848c68 a1=241 a2=1b6 a3=0 items=0 ppid=25678 pid=26206 auid=4294967295 uid=48 gid=486 euid=48 suid=48 fsuid=48 egid=486 sgid=486 fsgid=486 ses=4294967295 tty=(none) comm=zmc exe=/usr/local/bin/zmc subj=system_u:system_r:httpd_t:s0 key=(null) Hash: zmc,httpd_t,zoneminder_log_t,file,write Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.4-300.fc19.x86_64 type: libreport
Why is apache reading the zoneminder log file?
*** Bug 995877 has been marked as a duplicate of this bug. ***
(In reply to Daniel Walsh from comment #1) > Why is apache reading the zoneminder log file? AFAIK-At first does not make sense but apache will need read access to display the log errors in the browser gui LOG tab. But the above failure is not read access. This failure indicates that zmc cannot open or write to the zmc log file which would be expected if the capture demon failed for any reason. From Zoneminder Wiki zmc This is the ZoneMinder Capture daemon. This binary's job is to sit on a video device and suck frames off it as fast as possible, this should run at more or less constant speed.
Lukas is working on these zoneminder issues.
(In reply to Miroslav Grepl from comment #4) > Lukas is working on these zoneminder issues. Thanks for the info.
[f19-contrib 75262bc] Allow httpd to append zoneminder log files 1 file changed, 1 insertion(+)
selinux-policy-3.12.1-74.11.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-74.11.fc19
Package selinux-policy-3.12.1-74.11.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-74.11.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-19794/selinux-policy-3.12.1-74.11.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-74.11.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.