I'm running a stock RHEL6 installation and have pointed my httpd DocumentRoot to /path/does/exist
(it exists!). I've granted permission to the apache
user and added what I thought should be the necessary label via:
chcon -R -t httpd_sys_content_t /path/does
but no dice.
audit2why
shows a missing type enforcement allow rule for a request that looks like
avc: denied { search } for pid=4793 comm="httpd" name="/" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
Can someone help me interpret? Please note that I'm not looking for the answer "disable selinux" 🙂
Thanks!
-B
Best Answer
You will need to apply the following (assuming that path is /www)
And then make it survive a label:
What I find it is easier to use another directory as a template when apply SELinux context to a directory: