selinux on RHEL6: httpd config. DocumentRoot [/path/does/exist] "does not exist"
6,463
You will need to apply the following (assuming that path is /www)
chcon -R -u system_u /www
chcon -R -t httpd_sys_content_t /www
And then make it survive a label:
semanage fcontext -a -s system_u -t httpd_sys_content_t /www
What I find it is easier to use another directory as a template when apply SELinux context to a directory:
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 www
[root@kvm0001 /]# chcon --reference=/var/www www
[root@kvm0001 /]# ls -laZ
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 www
[root@kvm0001 /]#
Related videos on Youtube
Author by
Bosh
Updated on September 18, 2022Comments
-
Bosh almost 2 years
I'm running a stock RHEL6 installation and have pointed my httpd DocumentRoot to
/path/does/exist
(it exists!). I've granted permission to theapache
user and added what I thought should be the necessary label via:chcon -R -t httpd_sys_content_t /path/does
but no dice.
audit2why
shows a missing type enforcement allow rule for a request that looks likeavc: denied { search } for pid=4793 comm="httpd" name="/" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
Can someone help me interpret? Please note that I'm not looking for the answer "disable selinux" :-)
Thanks!
-B