audit2allow – generate SELinux policy allow rules from logs of denied operations.
yum provides audit2allow
For files you want Apache to be able to write to, the SELinux type must be set to httpd_sys_rw_content_t.
To permanently mark that directory as httpd_sys_rw_content_t, you can use the commands:
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/webapp/k/site(/.*)?"
restorecon -RF /var/www/webapp/k/site/
The path pattern is quoted so the shell passes the regular expression to semanage unchanged. This labeling will survive SELinux binary policy updates and filesystem relabeling.
Q: I have installed apache and chose to put my document root into a home directory. I could not get apache to start and after much research I found it was SELINUX stopping it from starting. I was told not to disable SELINUX and to configure it to work with the new directory. Do you have any idea how I can accomplish this?
A: Set the httpd_enable_homedirs boolean in SELINUX to allow such access.
So the first thing I would do is use the sealert command to pull the relevant information from the audit log.
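Before generating an allow rule with audit2allow, it helps to check whether a denial is really one of the two cases above (a labeling fix or a boolean). The following is an added example, not code from the original page: the function names, the hint strings and the sample AVC records are constructed for illustration, and it assumes home directories carry the user_home_dir_t type.

```shell
#!/bin/sh
# Triage one AVC denial record and print: source_type target_type class [perms] => hint
# Heuristic only; the hints mirror the two fixes named on this page.

avc_field() {      # avc_field <key> <record>: value of " key=value"
    printf '%s\n' "$2" | sed -n "s/.* $1=\([^ ]*\).*/\1/p"
}

selinux_type() {   # third field of user:role:type:level
    printf '%s\n' "$1" | cut -d: -f3
}

triage_avc() {
    rec=$1
    case $rec in *"avc:"*denied*) ;; *) echo "not-a-denial"; return 1 ;; esac
    perms=$(printf '%s\n' "$rec" | sed -n 's/.*{ \(.*\) }.*/\1/p')
    stype=$(selinux_type "$(avc_field scontext "$rec")")
    ttype=$(selinux_type "$(avc_field tcontext "$rec")")
    class=$(avc_field tclass "$rec")
    hint="review-manually"
    if [ "$stype" = "httpd_t" ]; then
        case $ttype in
            httpd_sys_content_t)
                # Write-type access to read-only web content: relabel, no new rule.
                case " $perms " in *" write "*|*" create "*|*" append "*)
                    hint="relabel-httpd_sys_rw_content_t" ;; esac ;;
            user_home_dir_t)   # assumption: home directories use this type
                hint="boolean-httpd_enable_homedirs" ;;
        esac
    fi
    echo "$stype $ttype $class [$perms] => $hint"
}

# Constructed sample records (not taken from a real host).
SAMPLE_WRITE='type=AVC msg=audit(1700000000.123:456): avc:  denied  { write } for  pid=1234 comm="httpd" name="site" dev="dm-0" ino=100 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0'
SAMPLE_HOME='type=AVC msg=audit(1700000001.456:457): avc:  denied  { search } for  pid=1234 comm="httpd" name="alice" dev="dm-0" ino=200 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0'

for r in "$SAMPLE_WRITE" "$SAMPLE_HOME"; do triage_avc "$r"; done
```

Anything reported as review-manually falls outside the two cases covered here and needs a closer look before any rule is added.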