Red Hat Bugzilla – Bug 149990
SELinux breaks httpd
Last modified: 2007-11-30 17:07:16 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.3) Gecko/20050104 Red Hat/1.4.3-3.0.7
Description of problem:
Having upgraded our web server to RHEL 4 AS, httpd refuses to start with SELinux enabled.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. service httpd start
Actual Results: Apache fails to start with error message "DocumentRoot must be a directory".
Expected Results: Apache starts normally and serves our sites.
The problem is one of directory nesting. Our sites are held under
/home/www/cmmp /home/www/nano-science/nano-mag etc.
Nothing nested deeper than one level under /home will work, but errors are only
produced for those on the second level of nesting: e.g. a site in /home works,
as does one in /home/www but one in /home/www/cmmp does not. A site in
/home/www/nano-science produces the error message, but one in
/home/www/nano-science/nano-mag does not.
Turning off SELinux at boot with boot parameter selinux=0 fixes this, but is
obviously not a nice solution...
Created attachment 111525
Apache config file
The httpd.conf in question
*** Bug 149989 has been marked as a duplicate of this bug. ***
Apologies, I accidentally submitted this one twice. I've killed the dupe.
chcon -R -t httpd_sys_content_t /home/www
Not sure if this is the best way to do this...
Yes, that's the correct method. You might be interested to read the following
guide, regarding SELinux/Apache integration. It mostly applies to Red Hat
Enterprise Linux 4; a version specific for RHEL4 is in the works:
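The script below is an added example, not part of the original bug thread or of any Red Hat guide. It lists the SELinux type of each DocumentRoot in an Apache config and of every parent directory, so a level whose label differs from `httpd_sys_content_t` stands out. The function names, the `CONTEXT_OF` hook and the sample config are assumptions of this example; `stat -c %C` is the GNU coreutils format for a file's security context.

```bash
#!/usr/bin/env bash
# Added example (not from the bug thread): SELinux type of each DocumentRoot
# and of its parent directories. Names and sample data are assumptions.

WANT_TYPE=httpd_sys_content_t   # type applied by the chcon command in this bug

# Print DocumentRoot arguments from Apache config files (or stdin).
# Limitation: paths containing spaces are not handled.
docroots_from_conf() {
    awk 'tolower($1) == "documentroot" { gsub(/"/, "", $2); print $2 }' "$@"
}

# Print every ancestor of a path, shallowest first, ending with the path.
path_prefixes() {
    local rest="${1#/}" prefix=''
    rest="${rest%/}"
    while [ -n "$rest" ]; do
        prefix="$prefix/${rest%%/*}"
        printf '%s\n' "$prefix"
        case $rest in */*) rest="${rest#*/}" ;; *) rest='' ;; esac
    done
}

# Extract the type field from a context (user:role:type, optional :level).
selinux_type() { printf '%s\n' "$1" | cut -s -d: -f3; }

# Real lookup; set CONTEXT_OF to another function name to run without SELinux.
context_of() { stat -c %C -- "$1" 2>/dev/null; }

# One line per path component: "<path> <type>"; unlabeled paths show "unknown".
label_report() {
    local dir type
    path_prefixes "$1" | while IFS= read -r dir; do
        type=$(selinux_type "$("${CONTEXT_OF:-context_of}" "$dir")")
        printf '%s %s\n' "$dir" "${type:-unknown}"
    done
}

# Succeeds only if the DocumentRoot itself carries WANT_TYPE.
docroot_ok() {
    [ "$(label_report "$1" | tail -n 1 | cut -d' ' -f2)" = "$WANT_TYPE" ]
}

# Constructed sample config using the directory layout from the report.
SAMPLE_CONF='DocumentRoot "/home/www/cmmp"
# DocumentRoot /var/www/html
  documentroot /home/www/nano-science/nano-mag'

printf '%s\n' "$SAMPLE_CONF" | docroots_from_conf | while IFS= read -r root; do
    label_report "$root"
    docroot_ok "$root" && echo "OK $root" || echo "MISMATCH $root"
done
```

To audit a real server, pass the config path to `docroots_from_conf` instead of the sample string.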