Move httpd root, selinux help

tony at specialistdevelopment.com tony at specialistdevelopment.com
Thu Jan 7 15:17:30 UTC 2010


Thanks for your help, all sorted now :)

Tony

Quoting sai ganesh <ganesai at gmail.com>:

> The exact log of the AVC denial is needed to analyse the problem. But
> assuming it is a denial due to the context, either you can do as
> dwalsh said or, alternatively, you can change the context of the file
> and directory to httpd_sys_content_t and put the file name and
> directory name in /etc/selinux/restorecond.conf and restart the
> restorecond service,
> so that even when you accidentally delete the file you can get the
> correct context on recreating it.
>
>
> On 1/4/10, Daniel J Walsh <dwalsh at redhat.com> wrote:
>> On 01/04/2010 10:09 AM, tony at specialistdevelopment.com wrote:
>>> Hi,
>>>
>>> Wishing everyone a happy new year!
>>>
>>> Can anyone point me in the right direction with a problem I'm having with
>>> selinux and httpd please?
>>>
>>> I have created a virtual host and have created the directory structure:
>>>
>>> /vhosts/domain.tld/htdocs    # Document root
>>> /vhosts/domain.tld/logs      # Log root
>>> /vhosts/domain.tld/private   # Private root
>>>
>>> I have set the contexts and they display as:
>>>
>>> [root at server htdocs]# ls -laZ /vhosts/domain.tld/htdocs
>>> drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
>>> drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  ..
>>> -rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0
>>> index.html
>>>
>>> [root at server htdocs]# ls -laZ /vhosts/domain.tld/logs
>>> drwxr-xr-x. root root unconfined_u:object_r:httpd_log_t:s0 .
>>> drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  ..
>>>
>>> So to me this looks like it has the right contexts.
>>>
>>> When I try to start apache I get the following error:
>>>
>>> [root at server htdocs]# /sbin/service httpd start
>>> Starting httpd: Warning: DocumentRoot [/vhosts/domain.tld/htdocs] does
>>> not exist
>>> httpd: Could not reliably determine the server's fully qualified domain
>>> name, using ::1 for ServerName
>>>                                                            [FAILED]
>>>
>>> Now I know the directory exists, which confuses me. Below are the error
>>> logs:
>>>
>>> [root at server htdocs]# tail /var/log/httpd/error_log
>>> (13)Permission denied: httpd: could not open error log file
>>> /wb01/specialistdevelopment.com/www.specialistdevelopment.com/logs/error.log.
>>>
>>> Unable to open logs
>>>
>>> Can anyone help, as I am really stuck?
>>>
>>> Thank you in advance!
>>>
>>> Tony
>>>
>>>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>
>>>
>> # semanage fcontext -a -t httpd_sys_content_t '/vhosts(/.*)?'
>> # restorecon -R -v /vhosts
>>
>> Should fix the problem
>>
>> You need to label every file/dir that httpd will access with a label it can
>> read or search.
>>
>
>
> --
> s.saiganesh
>  “The Linux philosophy is 'Laugh in the face of danger'. Oops. Wrong
> One. 'Do it yourself'. Yes, that's it
>
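
Added example, not part of the thread: in the `ls -laZ` output quoted above, `..` (that is, /vhosts/domain.tld) is labelled file_t, and the advice given is to label every file and directory httpd will access. This script checks each component of a path against a small allow-list of types; the function names, the allow-list and the label shown for /vhosts itself are assumptions of this example.

```shell
#!/bin/sh
# Added example: list every component of a path whose SELinux type is not one
# httpd is expected to be able to read or search.

# Assumption for this example: a short allow-list of types. The loaded policy
# is the real authority (sesearch can query it); extend the list as needed.
HTTPD_OK_TYPES="root_t httpd_sys_content_t httpd_log_t"

# Constructed sample in the format of: stat -c '%C %n' PATH
# The contexts of domain.tld, htdocs and logs are from the listing in the
# thread; the label shown for /vhosts itself is assumed.
SAMPLE='unconfined_u:object_r:file_t:s0 /vhosts
unconfined_u:object_r:file_t:s0 /vhosts/domain.tld
system_u:object_r:httpd_sys_content_t:s0 /vhosts/domain.tld/htdocs
unconfined_u:object_r:httpd_log_t:s0 /vhosts/domain.tld/logs'

# Print / and each ancestor of an absolute path down to the path itself.
path_components() {
    p=$1
    list=
    while [ -n "$p" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        list="$p
$list"
        p=$(dirname "$p")
    done
    printf '/\n%s' "$list"
}

# Read "<context> <path>" lines on stdin; print "<path> <type>" for each
# entry whose type (third colon-separated field) is not in the allow-list.
flag_bad_labels() {
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        t=$(printf '%s\n' "$ctx" | cut -d: -f3)
        case " $HTTPD_OK_TYPES " in
            *" $t "*) ;;
            *) printf '%s %s\n' "$path" "$t" ;;
        esac
    done
}

# Live use on an SELinux host: stat each component, then filter.
audit_path() {
    path_components "$1" | while read -r c; do stat -c '%C %n' "$c"; done |
        flag_bad_labels
}
```

On an SELinux host, `audit_path /vhosts/domain.tld/htdocs` prints one line per mislabelled component; no output means every component carries an allow-listed type.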




