Move httpd root, selinux help

Daniel J Walsh dwalsh at redhat.com
Mon Jan 4 16:09:23 UTC 2010


On 01/04/2010 10:09 AM, tony at specialistdevelopment.com wrote:
> Hi,
> 
> Wishing everyone a happy new year!
> 
> Can anyone point me in the right direction with a problem I'm having with
> selinux and httpd please?
> 
> I have created a virtual host and have created the directory structure:
> 
> /vhosts/domain.tld/htdocs    # Document root
> /vhosts/domain.tld/logs      # Log root
> /vhosts/domain.tld/private   # Private root
> 
> I have set the contexts and they display as:
> 
> [root at server htdocs]# ls -laZ /vhosts/domain.tld/htdocs
> drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
> drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  ..
> -rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
> 
> [root at server htdocs]# ls -laZ /vhosts/domain.tld/logs
> drwxr-xr-x. root root unconfined_u:object_r:httpd_log_t:s0 .
> drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  ..
> 
> So to me this looks like it has the right contexts.
> 
> When I try to start apache I get the following error:
> 
> [root at server htdocs]# /sbin/service httpd start
> Starting httpd: Warning: DocumentRoot [/vhosts/domain.tld/htdocs] does not exist
> httpd: Could not reliably determine the server's fully qualified domain name, using ::1 for ServerName
>                                                            [FAILED]
> 
> Now I know the directory exists, which confuses me. Below are the error
> logs:
> 
> [root at server htdocs]# tail /var/log/httpd/error_log
> (13)Permission denied: httpd: could not open error log file /wb01/specialistdevelopment.com/www.specialistdevelopment.com/logs/error.log.
> 
> Unable to open logs
> 
> Can anyone help as I am really stuck.
> 
> Thank you in advance!
> 
> Tony
> 
> 
# semanage fcontext -a -t httpd_sys_content_t '/vhosts(/.*)?'
# restorecon -R -v /vhosts

Should fix the problem

You need to label every file/dir that httpd will access with a label it can read or search.
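
Added example, not part of the original message: a shell check for the point above, listing which directories on the way to a document root still carry the `file_t` type seen on `..` in the question's listings. The function names and the sample contexts are constructed for illustration (the label on `/vhosts` itself is an assumption); `check_path` needs a host with SELinux enabled and GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the original thread).

# ancestors PATH: print an absolute PATH and each parent directory up to "/".
ancestors() {
    case $1 in /*) ;; *) echo "absolute path required" >&2; return 2 ;; esac
    p=${1%/}
    while [ -n "$p" ]; do
        printf '%s\n' "$p"
        p=${p%/*}
    done
    printf '/\n'
}

# flag_unlabeled: read "CONTEXT PATH" lines on stdin (the format printed by
# GNU `stat -c '%C %n'`) and print each path whose type field is file_t.
flag_unlabeled() {
    awk '{
        n = split($1, ctx, ":")          # user:role:type:level
        if (n >= 3 && ctx[3] == "file_t") {
            sub(/^[^ ]+ +/, "")          # drop the context, keep the path
            print
        }
    }'
}

# check_path PATH: live check of PATH and every parent directory.
check_path() {
    ancestors "$1" | while IFS= read -r d; do
        stat -c '%C %n' -- "$d"
    done | flag_unlabeled
}

# Constructed sample modelled on the listings in the question.
sample_contexts() {
    cat <<'EOF'
system_u:object_r:root_t:s0 /
unconfined_u:object_r:file_t:s0 /vhosts
unconfined_u:object_r:file_t:s0 /vhosts/domain.tld
system_u:object_r:httpd_sys_content_t:s0 /vhosts/domain.tld/htdocs
unconfined_u:object_r:httpd_log_t:s0 /vhosts/domain.tld/logs
EOF
}

# Offline demonstration on the sample; on a real host run:
#   check_path /vhosts/domain.tld/htdocs
sample_contexts | flag_unlabeled
```

An empty result from `check_path` after the `restorecon` run means no directory on the path is still `file_t`.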



