He pointed out that yesterdays blog on SELinux Labeling did not provide a solution to the /myapache problem.
The solution is to label /myapache and all its children with a label httpd can read.
You can figure this out by using:
man httpd_selinux
...
httpd_sys_content_t
- Set files with the httpd_sys_content_t type, if you want to treat the
files as httpd sys content.
Paths:
/usr/share/icecast(/.*)?,
/etc/htdig(/.*)?,
/usr/share/doc/ghc/html(/.*)?, /usr/share/mythtv/data(/.*)?,
/var/lib/htdig(/.*)?,
/srv/([^/]*/)?www(/.*)?, /usr/share/ntop/html(/.*)?,
/usr/share/mythweb(/.*)?,
/usr/share/openca/htdocs(/.*)?,
icy[^/]*/html(/.*)?, /usr/share/drupal.*, /var/lib/trac(/.*)?,
/var/www(/.*)?, /var/www/icons(/.*)?
Or
# ls -lZd /var/www/html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html
You could simply put the labels in place using chcon.
chcon -R -t httpd_sys_content_t /myapache
The best solution is to tell SELinux about the label change.
# semanage fcontext -a -t httpd_sys_content_t '/myapache(/.*)?'
# restorecon -R -v /myapache
Done
Note: If you wanted to allow httpd to write to the directory you would use the httpd_sys_rw_content_t type.
