On CentOS selinux is enabled by default and it will not allow to fire apache any atq job or any other job.
First we need to give execute permission to apache
chcon -R -t httpd_sys_rw_content_t /home/agms/residuals/
Then we need to allow in the policy for selinux
Change to root home. Fire this command
grep atq /var/log/audit/audit.log | audit2allow -M agms_atq_pol
This will create a policy file arms_atq_pol.te
[root@dev02 ~]# cat agms_atq_pol.te
module agms_atq_pol 1.0;
require {
type httpd_t;
class netlink_audit_socket create;
}
#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean ‘allow_httpd_mod_auth_pam’
allow httpd_t self:netlink_audit_socket create;
Now load this using the
semodule -i agms_atq_pol.pp
And reboot as it will not load in kernel on its own. Yes policy goes to kernel. We wasted some time in trying to see it works without reboot.
