👀 Views: 263 💬 Answers: 1 📅 Created: 2025-06-05

apache centos selinux httpd bash

I'm working on a project and hit a roadblock. I'm sure I'm missing something obvious here, but I'm experiencing an scenario with Apache not starting on CentOS 8 after configuring a custom document root located at `/srv/myapp`. When I try to start the Apache service with `sudo systemctl start httpd`, I get the following behavior in the logs: ``` Oct 20 12:34:56 myserver httpd[12345]: [behavior] (13)Permission denied: AH00529: Unable to access directory /srv/myapp ``` I checked the SELinux status and found it is set to enforcing. When I run `sudo setsebool -P httpd_can_network_connect on`, the behavior still continues. I’ve also tried changing the SELinux context of the directory using: ```bash sudo chcon -R -t httpd_sys_content_t /srv/myapp ``` Despite this, I still see denials in the audit logs when I check with `sudo ausearch -m avc`. Here’s an example of the denial I found: ``` type=AVC msg=audit(1634736296.123:45): avc: denied { read } for pid=12345 comm="httpd" name="myapp" dev="dm-0" ino=567890 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir ``` I've verified that the ownership and permissions of `/srv/myapp` are set correctly: ```bash ls -ld /srv/myapp ``` Output: ``` drwxr-xr-x. root root 4096 Oct 20 12:00 /srv/myapp ``` To troubleshoot further, I attempted to temporarily set SELinux to permissive mode using `sudo setenforce 0`, and Apache started without issues. This indicates that SELinux is indeed the culprit. How can I properly configure SELinux to allow Apache access to my custom directory without compromising security? This is part of a larger application I'm building. What am I doing wrong? What would be the recommended way to handle this?