RE: Move httpd root, selinux help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

tony@xxxxxxxxxxxxxxxxxxxxxxxxx wrote:
>Hi,
>
>Wishing everyone a happy new year!
>
>Can anyone point me in the right direction with a problem im having
>with selinux and httpd please?
>
>I have created a virtual host and have created the directory structure:
>
>/vhosts/domain.tld/htdocs    # Document root
>/vhosts/domain.tld/logs      # Log root
>/vhosts/domain.tld/private   # Private root
>
>I have set the contexts and they display as:
>
>[root@server htdocs]# ls -laZ /vhosts/domain.tld/htdocs
>drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
>drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  ..
>-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0
>index.html
>
>[root@server htdocs]# ls -laZ /vhosts/domain.tld/logs
>drwxr-xr-x. root root unconfined_u:object_r:httpd_log_t:s0 .
>drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  ..
>
>so to me this looks like it has the right contexts.
>
>when i try to start apache i get the following error:
>
>[root@server htdocs]# /sbin/service httpd start
>Starting httpd: Warning: DocumentRoot [/vhosts/domain.tld/htdocs] does
>not exist
>httpd: Could not reliably determine the server's fully qualified
>domain name, using ::1 for ServerName
>                                                            [FAILED]
>
>now i know the directory exists, which confuses me. below are the error
>logs:
>
>[root@server htdocs]# tail /var/log/httpd/error_log
>(13)Permission denied: httpd: could not open error log file
>/wb01/specialistdevelopment.com/www.specialistdevelopment.com/logs/erro
r.l
>og.
>Unable to open logs
>
>Can anyone help as i am really stuck.
>
>Thankyou in advance!
>
>Tony

I have found that apache needs at least search access to _all_ the
directories in the hierarchy - so your /vhosts and your
/vhosts/domain.tld directories both need to be some type that apache can
search.

Also check /var/log/audit/audit.log (or ausearch) for the precise denial
message.


Moray.
"To err is human.  To purr, feline"



--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux