Re: Making content readable by httpd

Daniel J Walsh wrote:
> Look for AVC Messages in the /var/log/messages file.

I should have posted those before. Here is an example of what happens when httpd tries to access the reiserfs filesystem:

Nov 11 23:33:38 home kernel: audit(1100237618.326:0): avc: denied { search } for pid=9106 exe=/usr/sbin/httpd dev=md5 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:nfs_t tclass=dir

Nov 11 23:33:38 home kernel: audit(1100237618.326:0): avc: denied { getattr } for pid=9106 exe=/usr/sbin/httpd path=/mnt/music1 dev=md5 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:nfs_t tclass=dir

> You can run audit2allow -l -i /var/log/messages

Here's what audit2allow says about it:

allow httpd_t bin_t:lnk_file { read };
allow httpd_t nfs_t:dir { getattr search };
allow httpd_t user_home_t:file { getattr read };

> Then you can customize policy to allow these.

To my *very* inexpert eye, it looks like audit2allow is telling me to loosen the restrictions on httpd. I suppose that this is an option (as is turning SELinux off entirely for httpd), but I really want to figure out what contexts I need to add to the music filesystems to make them accessible by httpd under the present policy.

Thanks!

--
========================================================================
Ian Pilcher                                        i.pilcher@xxxxxxxxxxx
========================================================================
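
How the two AVC denials quoted above collapse into the single `allow httpd_t nfs_t:dir { getattr search };` rule, as an added example that is not part of the original message and is not audit2allow's own code. The function names are hypothetical; the log lines are the two from the message.

```python
import re
from collections import defaultdict

# The two AVC denials quoted in the message above.
SAMPLE_LOG = """\
Nov 11 23:33:38 home kernel: audit(1100237618.326:0): avc: denied { search } for pid=9106 exe=/usr/sbin/httpd dev=md5 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:nfs_t tclass=dir
Nov 11 23:33:38 home kernel: audit(1100237618.326:0): avc: denied { getattr } for pid=9106 exe=/usr/sbin/httpd path=/mnt/music1 dev=md5 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:nfs_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    # A context is user:role:type; policy rules name only the type.
    return {
        "perms": m.group(1).split(),
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "path": fields.get("path"),
    }

def summarize(log_text):
    """Group denials by (source type, target type, class) and merge permissions."""
    groups = defaultdict(lambda: {"perms": set(), "paths": set()})
    for d in filter(None, map(parse_avc, log_text.splitlines())):
        g = groups[(d["source_type"], d["target_type"], d["tclass"])]
        g["perms"].update(d["perms"])
        if d["path"]:
            g["paths"].add(d["path"])
    return dict(groups)

def as_allow_rules(groups):
    """Render each group in the allow-rule form shown in the audit2allow output."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(g['perms']))} }};"
            for (s, t, c), g in sorted(groups.items())]

if __name__ == "__main__":
    groups = summarize(SAMPLE_LOG)
    print("\n".join(as_allow_rules(groups)))
    for (s, t, c), g in groups.items():
        print(f"{s} denied on {c} labelled {t}: {sorted(g['paths'])}")
```

The target type in each group (`nfs_t` here) is the label the kernel saw on the directory when it denied `httpd_t`.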

