How To Enable SELinux In CentOS/RHEL 7 | PhoenixNAP KB
SELinux logging

The most important feature of SELinux, and one you should start learning by heart, is that it is able to log everything. And with everything, I mean everything.

SELinux is a Linux feature that allows you to implement access control security policies in Linux systems. In distributions such as Fedora and RHEL, SELinux is in Enforcing mode by default.

Rsyslog is one of the system processes protected by SELinux.

SELinux was restricting the access to logrotate on log files in directories which do not have the required SELinux file context type. The "/var/log" directory has the "var_log_t" file context, and logrotate was able to do the needful. So the solution was to set this on my application log files and its parent directory:

Procedure. When your scenario is blocked by SELinux, the /var/log/audit/audit.log file is the first place to check for more information about a denial. To query Audit logs, use the ausearch tool. Because the SELinux decisions, such as allowing or disallowing access, are cached and this cache is known as the Access Vector Cache (AVC), use the AVC and USER_AVC values for the message type

Aug 27, 2019. How to Disable or set SELinux to Permissive mode: SELinux can operate in any of the 3 modes:
1. Enforced: Actions contrary to the policy are blocked and a corresponding event is logged in the audit log.
2. Permissive: Actions contrary to the policy are only logged in the audit log.
3. Disabled: SELinux is disabled entirely.

Apr 29, 2019
[SOLVED] SElinux log file location Oct 07, 2011