On Monday, December 01, 2008 10:26 AM -0500 Rick Barnes <linux at sitevision.com> wrote:

> Try this:
>
> # grep httpd /var/log/audit/audit.log | audit2why
>
> The output should explain why you are getting the permission denials.

Alas, it didn't really tell me more than what I could see in the log lines.

What helped was to download the source RPM for the policy:

selinux-policy-2.4.6-137.el5.src.rpm

This is like a kernel source package, and has all the text files that are compiled to become the installed binary policy. Hence, it's very handy for grepping through to understand how all the rules work. It also identified that there's a man page full of handy sebools for more fine-grained control of the web server policy. Use "man httpd_selinux" to view it.

Looking more carefully at my log lines, I realized that the "/" being referred to was not the "real" root but the root of the mounted device, and it had type file_t. That's not a directory type that Apache is allowed to search. For now, I've changed it to var_t, which is one that's allowed, and things now work.

chcon -t var_t /mnt/bigdisk2
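
The log reading described in this message, as an added example that is not part of the original post: a small parser that groups httpd AVC denials by source type, target type, class and permission, and picks out those where name="/" is the root directory of a mounted device. The sample records, device names and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records in the audit.log AVC layout (not taken from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1228145160.101:456): avc:  denied  { search } for  pid=2345 comm="httpd" name="/" dev=sdb1 ino=2 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1228145161.202:457): avc:  denied  { search } for  pid=2345 comm="httpd" name="/" dev=sdb1 ino=2 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1228145170.303:460): avc:  denied  { getattr } for  pid=2346 comm="httpd" name="index.html" dev=sda2 ino=98311 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1228145170.303:460): arch=40000003 syscall=195 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1228145180.404:470): avc:  denied  { read } for  pid=2400 comm="sendmail" name="aliases" dev=sda2 ino=1234 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial record, or None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if "scontext" not in f or "tcontext" not in f:
        return None
    f["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type[:level]; the type is the third field.
    f["source_type"] = f["scontext"].split(":")[2]
    f["target_type"] = f["tcontext"].split(":")[2]
    return f

def httpd_denials(log_text, comm="httpd"):
    """Count denials for one command, keyed by the fields that identify the rule involved."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.get("comm") != comm:
            continue
        for perm in rec["perms"]:
            key = (rec["source_type"], rec["target_type"], rec.get("tclass", ""),
                   perm, rec.get("name", ""), rec.get("dev", ""))
            counts[key] += 1
    return counts

def mount_root_denials(counts):
    """(device, target type) pairs where the denied object is a directory named "/"."""
    return sorted({(dev, ttype) for (_, ttype, tclass, _, name, dev) in counts
                   if name == "/" and tclass == "dir"})

if __name__ == "__main__":
    for key, n in httpd_denials(SAMPLE_LOG).items():
        print(n, key)
    print("mount roots:", mount_root_denials(httpd_denials(SAMPLE_LOG)))
```

The dev= field is what separates the "real" root from the root of a mounted device, since both appear as name="/" in the record.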