selinux on RHEL6: httpd config. DocumentRoot [/path/does/exist] "does not exist"
6,463
You will need to apply the following (assuming that path is /www)
chcon -R -u system_u /www
chcon -R -t httpd_sys_content_t /www
And then make it survive a label:
semanage fcontext -a -s system_u -t httpd_sys_content_t /www
What I find it is easier to use another directory as a template when apply SELinux context to a directory:
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 www
[root@kvm0001 /]# chcon --reference=/var/www www
[root@kvm0001 /]# ls -laZ
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 www
[root@kvm0001 /]#
Related videos on Youtube
22 : 15
RHCSA v8 Practice Session: List SELinux file and process context / Restore default file contexts
08 : 00
Troubleshooting SELinux With setroubleshoot server & sealert (RHCSA 8, Lesson 16G)
27 : 28
SELinux Enabled | Disabled | Permissive | RHCSA 8 Certification #27 | Tech Arkit | EX200
06 : 39
SELinux httpd Troubleshooting - RHCSA 8 Prep by Sander van Vugt
07 : 25
RHCSA 8 - SELinux : What's with the dot in the file mode?
Author by
Bosh
Updated on September 18, 2022Comments
-
Bosh almost 2 years
I'm running a stock RHEL6 installation and have pointed my httpd DocumentRoot to
/path/does/exist(it exists!). I've granted permission to theapacheuser and added what I thought should be the necessary label via:chcon -R -t httpd_sys_content_t /path/doesbut no dice.
audit2whyshows a missing type enforcement allow rule for a request that looks likeavc: denied { search } for pid=4793 comm="httpd" name="/" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dirCan someone help me interpret? Please note that I'm not looking for the answer "disable selinux" :-)
Thanks!
-B