[CentOS] Baffled by selinux

Bob Hoffman bob at bobhoffman.com
Thu Feb 16 20:52:13 UTC 2012


*Lars Hecking*  wrote

===========================================================
Apache DocumentRoot on an NFS directory:

[root@localhost ~]# service httpd start
Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist
Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
                                                            [FAILED]
[root@localhost ~]#

  After some research, I found this (dated) link

   http://www.redhat.com/archives/rhl-list/2005-July/msg02443.html

  and followed the suggestion, setsebool -P use_nfs_home_dirs=1. But I still
  can't start httpd. Not sure what to make of the audit log:

type=AVC msg=audit(1329395502.678:61926): avc:  denied  { search } for  pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1329395502.681:61927): avc:  denied  { search } for  pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.681:61927): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342eae68 a1=7fffaf747630 a2=7fffaf747630 a3=50 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
===================================================================

/home/www/html does not exist.
Whether redhat did this on purpose or by mistake, the directory should be
/var/www/html.

It is not selinux, it is the wrong, non-existing directory in the httpd.conf file.

Oopsy on someone's part. Happened to me too... took me a while to see the installed
conf file directory was the wrong folder path.
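
For reading the audit records quoted in this message, the following added example (not part of the original thread) pairs each AVC record with its SYSCALL record by audit serial number and reports the denied permission, the source and target types, and the errno the process received. The function names are illustrative.

```python
import errno
import re
from collections import defaultdict

# The four audit records quoted in the message above, verbatim.
SAMPLE = """\
type=AVC msg=audit(1329395502.678:61926): avc:  denied  { search } for  pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1329395502.681:61927): avc:  denied  { search } for  pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.681:61927): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342eae68 a1=7fffaf747630 a2=7fffaf747630 a3=50 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
"""

MSG_RE = re.compile(r"^type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):\s*(.*)$")
AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    """Split 'k=v k2="v 2"' audit text into a dict."""
    return {k: v.strip('"') for k, v in KV_RE.findall(text)}

def parse_denials(log):
    """Group records by audit serial and summarize each AVC denial."""
    events = defaultdict(dict)  # serial -> {record type: fields}
    for line in log.splitlines():
        m = MSG_RE.match(line.strip())
        if not m:
            continue
        rtype, serial, body = m.groups()
        rec = fields(body)
        if rtype == "AVC":
            a = AVC_RE.search(body)
            if not a or a.group(1) != "denied":
                continue
            rec = dict(fields(a.group(3)), perms=a.group(2).split())
        events[serial][rtype] = rec
    out = []
    for serial, recs in events.items():
        if "AVC" not in recs:
            continue
        avc, sc = recs["AVC"], recs.get("SYSCALL", {})
        failed = sc.get("success") == "no" and "exit" in sc
        out.append({
            "serial": serial,
            "source_type": avc["scontext"].split(":")[2],  # domain of the process
            "target_type": avc["tcontext"].split(":")[2],  # type of the object
            "tclass": avc["tclass"], "perms": avc["perms"],
            "exe": sc.get("exe"), "syscall": sc.get("syscall"),
            "errno": errno.errorcode.get(-int(sc["exit"])) if failed else None,
        })
    return out
```

On x86_64 (arch=c000003e) syscall 4 is stat, so each event here is a stat() by /usr/sbin/httpd in domain httpd_t that returned EACCES while searching a directory labeled nfs_t.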



