type=AVC msg=audit(1482944350.289:339): avc: denied { read } for pid=2141 comm="httpd" name="family" dev="sda3" ino=262199 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir permissive=0
I ran into the same problem, I think. I ran "audit2why" and passed in the AVC. It suggested a pair of booleans I've never seen before.
# audit2why type=AVC msg=audit(1483077583.703:1539671): avc: denied { read } for pid=11162 comm="httpd" name="courier-pythonfilter" dev="dm-0" ino=533228 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir
Was caused by: One of the following booleans was set incorrectly. Description: Allow httpd to read user content
Allow access by executing: # setsebool -P httpd_read_user_content 1 Description: Allow httpd to unified
Allow access by executing: # setsebool -P httpd_unified 1 # setsebool -P httpd_read_user_content 1
... and setting one of them fixed the problem.
I don't see a bug filed for this. Can anyone else confirm that httpd_enable_homedirs doesn't work as it did before 7.3? I suspect it's not widely used and the bug may not have been noticed yet.