Difference Between httpd_read_user_content and httpd_enable_homedirs

I just figure out what issue. This is our environment:

RedHat 5 with latest apache RPM

When you look at the error logs it complains about not been able to create the httpd.pid, under the "run" dir. It didn't make sense because that directory had the correct context for read/write "httpd_sys_rw_content_t" (which I had to find from "/etc/selinux/targeted/contexts/customizable_types".

I realized (after hours of searching) that on the error log it doesn't give you the full path, but when apache stars it chroot dir to "/home/httpdjail".

Under this folder I found another "run" dir. After changing the permissions to:

chcon -Rv -t httpd_sys_content_rw_t /home/httpdjail/

IT WORKED!! ^^

I'm guessing if you give the right permissions to your "/chroot/httpd" it will fix your issue.

Hope this help!

It turns out that SELinux was blocking Apache's connection to LDAP. Running the command:

grep -m 1 httpd /var/log/audit/audit.log | audit2why

I was able to find out that Apache was trying to connect to a port that SELinux didn't recognize. After following suggestions from this site and the CentOS/SELinux documentation I was able to reach a solution. My troubles were caused by the use of non-standard LDAP port (as recommended by OpenDS). By adding these ports to SELinux under "ldap_port_t" I was able to resolve the issue. As root (or "sudo") run the below commands replacing the port numbers with your own LDAP/LDAPS port numbers.

semanage port -a -t ldap_port_t -p tcp 1389
semanage port -a -t ldap_port_t -p tcp 8636
semanage port -a -t ldap_port_t -p udp 1389
semanage port -a -t ldap_port_t -p upd 8636

I hope this helps someone in the future from banging their head against the wall as much as I did.