SELinux preventing Apache from writing to a file

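For Apache to be able to write to a file or directory, its SELinux type must be set to httpd_sys_rw_content_t.
To permanently mark a directory as httpd_sys_rw_content_t, add a file-context rule with semanage and then apply it with restorecon. Quote the path pattern so the shell does not try to interpret the parentheses: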

semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/webapp/k/site(/.*)?"
restorecon -RF /var/www/webapp/k/site/

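Because the rule is stored in the file-context configuration rather than only on the files themselves, the label will survive SELinux binary policy updates and filesystem relabeling.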
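Before relabeling, it helps to confirm which objects Apache was actually denied write access to, so that only those paths receive httpd_sys_rw_content_t. The script below is an added example, not part of the original post: it parses AVC records and lists the write denials for processes running as httpd_t. The function names and the sample records are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report httpd write denials found in audit AVC records.

# Constructed sample records in audit.log AVC layout (not from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:411): avc:  denied  { write } for  pid=2101 comm="httpd" name="site" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000003.220:412): avc:  denied  { read } for  pid=2101 comm="httpd" name="notes.txt" dev="dm-0" ino=977 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000007.514:413): avc:  denied  { write } for  pid=880 comm="sshd" name="x" dev="dm-0" ino=55 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000009.002:414): avc:  denied  { write } for  pid=2101 comm="httpd" name="upload.tmp" dev="dm-0" ino=140 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
EOF
}

# Read AVC records on stdin. For each write denied to a process running as
# httpd_t, print: target name, object class, current target type.
httpd_write_denials() {
  awk '
    /type=AVC/ && /denied/ && /scontext=[^ ]*:httpd_t:/ {
      # Isolate the permission set between the braces, e.g. "write".
      perms = $0
      sub(/^[^{]*[{] */, "", perms)
      sub(/ *[}].*$/, "", perms)
      # Skip denials that do not include the write permission.
      if ((" " perms " ") !~ / write /) next
      name = ""; ttype = ""; tclass = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
        if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }  # user:role:type:level
        if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
      }
      print name, tclass, ttype
    }'
}

# Demo run on the constructed records.
sample_audit_log | httpd_write_denials
```

On a real host the same function can read from `ausearch -m avc -c httpd --raw` instead of the sample records. After running restorecon, `ls -Zd` on the directory shows whether the new type was applied.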

Allowing apache (httpd) to run from home directory in Red Hat, CentOS and Fedora

Q: I have installed apache and chose to put my document root into a home directory.  I could not get apache to start and after much research I found it was SELINUX stopping it from starting.  I was told not to disable SELINUX and to configure it to work with the new directory.  Do you have any idea how I can accomplish this?

A: Set the httpd_enable_homedirs boolean in SELinux to allow such access.

So the first thing I would do is use the sealert command to pull the relevant information from the audit log. (more…)