SeLinux … Ah the serenity
If you haven’t rebooted a box in many days and then do yum update you may find that your seLinux policy now denies access to some of your processes. This is especially true if you have made changes to the default configuration files meaning they now point to a place that a default seLinux policy won’t allow.
So here is the process to fix it
Firstly have a look at the problems with audit2allow and then turn off selinux at the command line to check if the problem is seLinux
# to show errors # -w is make it human readable # -a is read from audit.log audit2allow -w -a # to check if its selinux setenforce 0 service syslog-ng restart ... [OK] setenforce 1 service syslog-ng restart ...[FAIL]
Then create the policies you need make it work
# filter so you don't get things # unrelated to the service you are trying to fix grep syslog-ng /var/log/audit/audit.log | audit2allow -M syslog-ng # install the module semodule -i syslog-ng.pp