Why does this get denied?

Andy Smith andy at strugglers.net
Mon Dec 20 16:32:11 UTC 2004


Firstly, apologies if what I'm about to ask is obvious; I'm kind of
new to SELinux and I'm trying to read the relevant docs, but I don't
understand something.  If what I ask is covered in a document then
I'd appreciate a pointer.

Okay so I just installed apache from RPM on fedora core 3 and when I
try to start it I get the following:

# service httpd start
Starting httpd: Syntax error on line 266 of
DocumentRoot must be a directory

In /var/log/messages:

Dec 20 16:28:32 becks kernel: audit(1103560112.198:0): avc:  denied
{ search } for  pid=27331 exe=/usr/sbin/httpd name=/ dev=dm-1 ino=2
scontext=root:system_r:httpd_t tcontext=system_u:object_r:file_t

I am using the targeted policy.

Now, the only thing I have changed is, instead of having my document
root be /var/www/html I've put it in /data/www.  I edited
/etc/selinux/targeted/src/policy/file_contexts/program/apache.fc to
reflect the fact that my content is in a different place and did do
a restorecon to relabel things under /data.

What I don't understand is the reference to /.  Why is selinux
denying httpd searching /?  This is a new install and selinux has
been enabled from the start so / should be labelled correctly.

What am I missing?
