Apache DocumentRoot on an NFS directory:
[root@localhost ~]# service httpd start
Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist
Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
[FAILED]
[root@localhost ~]#
After some research, I found this (dated) link
http://www.redhat.com/archives/rhl-list/2005-July/msg02443.html
and followed the suggestion, setsebool -P use_nfs_home_dirs=1. But I still can't start httpd. Not sure what to make of the audit log:
type=AVC msg=audit(1329395502.678:61926): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1329395502.681:61927): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.681:61927): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342eae68 a1=7fffaf747630 a2=7fffaf747630 a3=50 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
On 02/16/2012 07:35 AM, Lars Hecking wrote:
type=AVC msg=audit(1329395502.678:61926): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1329395502.681:61927): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.681:61927): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342eae68 a1=7fffaf747630 a2=7fffaf747630 a3=50 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Have you tried httpd_use_nfs?
On 02/16/2012 08:28 AM, Lars Hecking wrote:
Have you tried httpd_use_nfs?
Slam dunk. Thanks!
Did this boolean exist before yesterday's kernel and selinux policy update? The setup was working until I rebooted.
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I see this boolean in RHEL5 and RHEL6. So it has been there a while.
Lars Hecking <lhecking@...> writes:
Have you tried httpd_use_nfs?
Slam dunk. Thanks!
Can you be more specific on what file you edited and the syntax of the line you put in and/or edited? While I am able to start apache I am getting several errors in the log files that seem to be related to this.
Bruce
On 03/05/2012 02:40 PM, Bruce Martin wrote:
Lars Hecking <lhecking@...> writes:
Have you tried httpd_use_nfs?
Slam dunk. Thanks!
Can you be more specific on what file you edited and the syntax of the line you put in and/or edited? While I am able to start apache I am getting several errors in the log files that seem to be related to this.
Bruce
Without being able to see/read the OP's original question, some help for you.
semanage boolean -l | grep httpd
man -k _selinux
Hope this helps a little...
Phil
On 5 Mar 2012, at 22:02, Phil Savoie psavoie1783@rogers.com wrote:
Have you tried httpd_use_nfs?
Without being able to see/read the OP's original question, some help for you.
Try http://wiki.centos.org/TipsAndTricks/SelinuxBooleans instead.
Ben
On 03/05/2012 02:40 PM, Bruce Martin wrote:
Lars Hecking <lhecking@...> writes:
Have you tried httpd_use_nfs?
Slam dunk. Thanks!
Can you be more specific on what file you edited and the syntax of the line you put in and/or edited? While I am able to start apache I am getting several errors in the log files that seem to be related to this.
Bruce
Sent too quick... one more to help with avc denials
sealert -a /var/log/audit/audit.log
Here you will see the raw info of the denial and possible fixes.
Phil
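A reading of the denial records quoted in this thread, as an added example that is not from any of the posters: the Python below pulls the source type, target type, class and permission out of each AVC record, even when records are run together on one line, and collapses repeats into the `allow` rule form. The `BOOLEAN_HINTS` table is an assumption and holds only the `httpd_t`/`nfs_t` pairing this thread confirms.

```python
import re
from collections import Counter

# The two denials from the thread, run together on one line as archived.
# SYSCALL records are shortened here; only the AVC fields are parsed.
_REC = ('type=AVC msg=audit(%s): avc: denied { search } for pid=25674 '
        'comm="httpd" name="" dev=0:23 ino=3471615 '
        'scontext=unconfined_u:system_r:httpd_t:s0 '
        'tcontext=system_u:object_r:nfs_t:s0 tclass=dir '
        'type=SYSCALL msg=audit(%s): arch=c000003e syscall=4 success=no exit=-13')
SAMPLE_LOG = " ".join(_REC % (i, i) for i in
                      ("1329395502.678:61926", "1329395502.681:61927"))

# An AVC body runs until the next "type=... msg=audit(" header or end of input.
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+'
                    r'(?P<fields>.*?)(?=\s+type=\w+\s+msg=audit\(|\Z)', re.S)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption: the only pairing listed is the one this thread confirms.
BOOLEAN_HINTS = {("httpd_t", "nfs_t"): "httpd_use_nfs"}

def _type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_avc(log):
    """Extract (source type, target type, class, perms) from each denial."""
    denials = []
    for m in AVC_RE.finditer(log):
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        if not {"scontext", "tcontext", "tclass"} <= f.keys():
            continue  # truncated record, nothing reliable to report
        denials.append((_type(f["scontext"]), _type(f["tcontext"]),
                        f["tclass"], tuple(sorted(m.group("perms").split()))))
    return denials

def summarize(log):
    """Collapse repeats into (allow-rule, count, boolean hint or None)."""
    out = []
    for (src, tgt, cls, perms), n in Counter(parse_avc(log)).most_common():
        p = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        out.append(("allow %s %s:%s %s;" % (src, tgt, cls, p), n,
                    BOOLEAN_HINTS.get((src, tgt))))
    return out

if __name__ == "__main__":
    for rule, count, hint in summarize(SAMPLE_LOG):
        print("%dx %s  boolean: %s" % (count, rule, hint or "none known"))
```

The rule string states what was denied (`httpd_t` searching a directory labelled `nfs_t`); where a boolean covers the pair, enabling that boolean is the narrower change than loading a custom rule.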
Bruce Martin writes:
Lars Hecking <lhecking@...> writes:
Have you tried httpd_use_nfs?
Slam dunk. Thanks!
Can you be more specific on what file you edited and the syntax of the line you put in and/or edited? While I am able to start apache I am getting several errors in the log files that seem to be related to this.
setsebool [-P] use_nfs_home_dirs=1
setsebool [-P] httpd_use_nfs=1
-P makes the settings permanent, which is probably what you want. Also useful is "getsebool -a".
*Lars Hecking* wrote
===========================================================
Apache DocumentRoot on an NFS directory:
[root@localhost ~]# service httpd start
Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist
Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
[FAILED]
[root@localhost ~]#
After some research, I found this (dated) link
http://www.redhat.com/archives/rhl-list/2005-July/msg02443.html
and followed the suggestion, setsebool -P use_nfs_home_dirs=1. But I still can't start httpd. Not sure what to make of the audit log:
type=AVC msg=audit(1329395502.678:61926): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1329395502.681:61927): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.681:61927): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342eae68 a1=7fffaf747630 a2=7fffaf747630 a3=50 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
===================================================================
/home/www/html does not exist. Whether redhat did this on purpose or by mistake, the directory should be /var/www/html.
It is not selinux, it is the wrong non-existing directory in the httpd.conf file.
oopsy on someone's part. Happened to me too...took me a while to see the installed conf file directory was the wrong folder path.