By Splunk November 21, 2006
If you’ve enabled selinux for whatever reason, you need to either disable it or configure it to allow splunk to run.
To configure selinux to allow splunk to run, you need to run the chcon command on the splunk lib directory. Here is what you type :
chcon -c -v -R -u system_u -r object_r -t lib_t $SPLUNK_HOME/lib 2>&1 > /dev/null
You can also disable the check when splunk starts by adding this line to the $SPLUNK_HOME/bin/setSplunkEnv script
export SPLUNK_IGNORE_SELINUX=1