Move httpd root, selinux help

sai ganesh ganesai at gmail.com
Tue Jan 5 05:27:57 UTC 2010


The exact log of the AVC denial is needed to analyse the problem, but
assuming it is a denial due to the context, either you can do as
dwalsh said or, alternatively, you can change the context of the file
and directory to httpd_sys_content_t, put the file name and
directory name in /etc/selinux/restorecond.conf, and restart the
restorecond service, so that even when you accidentally delete the
file you get the correct context on recreating it.


On 1/4/10, Daniel J Walsh <dwalsh at redhat.com> wrote:
> On 01/04/2010 10:09 AM, tony at specialistdevelopment.com wrote:
>> Hi,
>>
>> Wishing everyone a happy new year!
>>
>> Can anyone point me in the right direction with a problem I'm having with
>> selinux and httpd please?
>>
>> I have created a virtual host and have created the directory structure:
>>
>> /vhosts/domain.tld/htdocs    # Document root
>> /vhosts/domain.tld/logs      # Log root
>> /vhosts/domain.tld/private   # Private root
>>
>> I have set the contexts and they display as:
>>
>> [root at server htdocs]# ls -laZ /vhosts/domain.tld/htdocs
>> drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
>> drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  ..
>> -rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
>>
>> [root at server htdocs]# ls -laZ /vhosts/domain.tld/logs
>> drwxr-xr-x. root root unconfined_u:object_r:httpd_log_t:s0 .
>> drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  ..
>>
>> So to me this looks like it has the right contexts.
>>
>> When I try to start apache I get the following error:
>>
>> [root at server htdocs]# /sbin/service httpd start
>> Starting httpd: Warning: DocumentRoot [/vhosts/domain.tld/htdocs] does not exist
>> httpd: Could not reliably determine the server's fully qualified domain name, using ::1 for ServerName
>>                                                            [FAILED]
>>
>> Now I know the directory exists, which confuses me. Below are the error
>> logs:
>>
>> [root at server htdocs]# tail /var/log/httpd/error_log
>> (13)Permission denied: httpd: could not open error log file /wb01/specialistdevelopment.com/www.specialistdevelopment.com/logs/error.log.
>>
>> Unable to open logs
>>
>> Can anyone help as I am really stuck.
>>
>> Thank you in advance!
>>
>> Tony
>>
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
>>
> # semanage fcontext -a -t httpd_sys_content_t '/vhosts(/.*)?'
> # restorecon -R -v /vhosts
>
> Should fix the problem
>
> You need to label every file/dir  that httpd will access with a label it can
> read or search.


-- 
s.saiganesh
 “The Linux philosophy is 'Laugh in the face of danger'. Oops. Wrong
One. 'Do it yourself'. Yes, that's it
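
An added example, not part of the thread: a shell check that walks every component of a document root and reports those whose SELinux type is outside an allow-list, which is how the file_t parent directory in the `ls -laZ` output above would be caught. The function names, the allow-list and the label on /vhosts itself are assumptions made for illustration; the sample labels are constructed.

```shell
#!/bin/sh
# Added example: report path components whose SELinux type is not in an allow-list.

# Assumption: types treated as acceptable for this vhost tree; confirm against your own policy.
ALLOWED_TYPES="httpd_sys_content_t httpd_log_t"

# Extract the type field from a context such as system_u:object_r:httpd_sys_content_t:s0
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Live lookup: read the context from the filesystem (GNU stat).
get_context() {
    stat -c %C -- "$1" 2>/dev/null
}

# Constructed lookup for offline runs. /vhosts/domain.tld is file_t as in the
# ls -laZ output above; the label on /vhosts itself is an assumed value.
sample_context() {
    case "$1" in
        /vhosts|/vhosts/domain.tld) echo "unconfined_u:object_r:file_t:s0" ;;
        /vhosts/domain.tld/htdocs)  echo "system_u:object_r:httpd_sys_content_t:s0" ;;
    esac
}

# check_path_labels PATH [LOOKUP_FN]
# Prints "component type" for every component not in ALLOWED_TYPES; returns 1 if any.
check_path_labels() {
    local target lookup path rc comp type old_ifs
    target=${1%/}; lookup=${2:-get_context}; path=""; rc=0
    old_ifs=$IFS; IFS=/; set -f
    set -- $target              # split the path on "/"
    set +f; IFS=$old_ifs
    for comp in "$@"; do
        [ -z "$comp" ] && continue
        path="$path/$comp"
        type=$(selinux_type "$("$lookup" "$path")")
        case " $ALLOWED_TYPES " in
            *" $type "*) ;;
            *) printf '%s %s\n' "$path" "${type:-unknown}"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Demo on the constructed labels; on a live host pass a real path and omit the second argument.
check_path_labels /vhosts/domain.tld/htdocs sample_context || true
```

A component reported as `unknown` means the lookup returned no context, for example on a filesystem without SELinux labels.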



