The exact log of the AVC denial is needed to analyse the problem. But assuming it is a denial due to the context, either you can do as dwalsh said or, alternatively, you can change the context of the file and directory to httpd_sys_content_t and put the file name and directory name in /etc/selinux/restorecond.conf and restart the restorecond service, so that even when you accidentally delete the file you get the correct context on recreating it.

On 1/4/10, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> On 01/04/2010 10:09 AM, tony@xxxxxxxxxxxxxxxxxxxxxxxxx wrote:
>> Hi,
>>
>> Wishing everyone a happy new year!
>>
>> Can anyone point me in the right direction with a problem I'm having with
>> selinux and httpd please?
>>
>> I have created a virtual host and have created the directory structure:
>>
>> /vhosts/domain.tld/htdocs # Document root
>> /vhosts/domain.tld/logs # Log root
>> /vhosts/domain.tld/private # Private root
>>
>> I have set the contexts and they display as:
>>
>> [root@server htdocs]# ls -laZ /vhosts/domain.tld/htdocs
>> drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
>> drwxr-xr-x. root root unconfined_u:object_r:file_t:s0 ..
>> -rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0
>> index.html
>>
>> [root@server htdocs]# ls -laZ /vhosts/domain.tld/logs
>> drwxr-xr-x. root root unconfined_u:object_r:httpd_log_t:s0 .
>> drwxr-xr-x. root root unconfined_u:object_r:file_t:s0 ..
>>
>> So to me this looks like it has the right contexts.
>>
>> When I try to start apache I get the following error:
>>
>> [root@server htdocs]# /sbin/service httpd start
>> Starting httpd: Warning: DocumentRoot [/vhosts/domain.tld/htdocs] does
>> not exist
>> httpd: Could not reliably determine the server's fully qualified domain
>> name, using ::1 for ServerName
>> [FAILED]
>>
>> Now I know the directory exists, which confuses me. Below are the error
>> logs:
>>
>> [root@server htdocs]# tail /var/log/httpd/error_log
>> (13)Permission denied: httpd: could not open error log file
>> /wb01/specialistdevelopment.com/www.specialistdevelopment.com/logs/error.log.
>>
>> Unable to open logs
>>
>> Can anyone help as I am really stuck.
>>
>> Thank you in advance!
>>
>> Tony
>>
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
>>
> # semanage fcontext -a -t httpd_sys_content_t '/vhosts(/.*)?'
> # restorecon -R -v /vhosts
>
> Should fix the problem
>
> You need to label every file/dir that httpd will access with a label it can
> read or search.
>

--
s.saiganesh
“The Linux philosophy is 'Laugh in the face of danger'. Oops. Wrong One. 'Do it yourself'. Yes, that's it”
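
Added example, not part of any message in the thread: a check of the rule quoted above ("label every file/dir that httpd will access") over each directory on the way to the document root, where the posted listing shows `..` still labelled file_t. The function names, the short allowed-type list and the /vhosts sample line are assumptions made for this illustration.

```shell
#!/bin/sh
# Types treated here as readable/searchable by httpd. Assumed short list for
# illustration only; the loaded policy is the authority.
HTTPD_OK_TYPES="httpd_sys_content_t httpd_log_t"

# Print every ancestor of an absolute path, top down, ending with the path.
# /vhosts/domain.tld/htdocs -> /vhosts, /vhosts/domain.tld, /vhosts/domain.tld/htdocs
path_components() {
    printf '%s\n' "$1" | awk -F/ '{
        p = ""
        for (i = 2; i <= NF; i++) if ($i != "") { p = p "/" $i; print p }
    }'
}

# Read "PATH CONTEXT" lines on stdin (the output format of: stat -c '%n %C' PATH)
# and print "PATH TYPE" for every entry whose type is not in HTTPD_OK_TYPES.
# Exit status is 1 when at least one entry was flagged. Paths with spaces are
# not handled.
audit_labels() {
    awk -v ok="$HTTPD_OK_TYPES" '
        BEGIN { n = split(ok, t, " "); for (i = 1; i <= n; i++) allowed[t[i]] = 1 }
        NF >= 2 {
            split($NF, ctx, ":")      # user:role:type:level
            if (!(ctx[3] in allowed)) { print $1, ctx[3]; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Constructed sample: the htdocs and domain.tld contexts are the "." and ".."
# entries of the ls -laZ listing in the thread; the /vhosts line is assumed.
sample_contexts() {
    cat <<'EOF'
/vhosts unconfined_u:object_r:file_t:s0
/vhosts/domain.tld unconfined_u:object_r:file_t:s0
/vhosts/domain.tld/htdocs system_u:object_r:httpd_sys_content_t:s0
EOF
}

# Live use on an SELinux host:
#   path_components /vhosts/domain.tld/htdocs |
#       while read -r p; do stat -c '%n %C' "$p"; done | audit_labels
sample_contexts | audit_labels || echo "entries above need a label httpd can search"
```
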