question about selinux and apache
 

I just configured my apache on CentOS 5.5. It started up. I then configured my VirtualHosts to have 2 definitions. Copied the example from the file for now. Restarted the httpd process and I get this:
I cd to the dir and a basic index.html file is there. I googled the error and found the following...
Now my question is this: Why would you want/need to disable selinux? I want selinux enabled especially on a www server. Should I disable/reboot then re-enable it? Is this a 1 time deal?

None of the posts I read explained why you needed to disable it and if you could re-enable it. I tried to go to the http://www.apache.org site and it says its not responding. So I cannot look things up there.

I found this link after some searching but I dont understand the chcon command and dont want to munge my system: http://www.centos.org/modules/newbb/...=2147&forum=31

I'm still reading up on it but not sure if what I am looking at is OK or not. It looks like apache.apache is the owner of the files OK.. I just noticed this too. I am wondering why it things there are not virtual hosts? I defined 2 of them.

Some people remove the dirs and rebuilt them. I tried this and still does not work. I even tried new names and updated the httpd.conf file to reflect that.

Unfortunately a lot of tutorials and advice on the 'net are way old or written by ignoramuses. At the time SELinux was first offered the first tutorials would have made sense for most casual users as it definitely was not that easy to use. The latter category unfortunately is not bound by time and is more wide-spread than you would think as it includes professional / paid writers, software vendors, casual forum, mailing list and IRC banter and such. The problem is that a lot of people think what is written is true without checking things themselves. Then of course there's this typically human trait that anything new can't be good at all (16K being good enough) and that having it easy is always better than having to read and understand somebody elses documentation...
What does work is the documentation Centos and Fedora come with.

Httpd by default is not allowed to access users home directories. So first set the "httpd_sys_content_t" context reserved for serving content (see '\ls -dZ /var/www/html'): 'chcon -R -t httpd_sys_content_t /home/wwww/sample{1,2}_com ' and then enable with 'setsebool -P httpd_enable_homedirs 1'. See 'man httpd_selinux' for more.

* It would be better if you don't tack on posts to your OP because when you do you lose thread 0-reply state (best use the edit button).
** Remember that being precise (exact error messages) and complete (in this case: the complete setroubleshoot or /var/log/audit/audit.log message) beats any "this doesn't work" or "I've got an error saying" description.

Thank you for the information. As I stated this site was doing strange things to me so I could not post as one post. I think it was the smilies code causing the problem.

I will look up those articles you posted.

If you want to you could start here: http://wiki.centos.org/HowTos/SELinux and here: http://docs.fedoraproject.org/en-US/..._examples.html.

// FUP

unix1adm: I've combined your first 5 posts into a single post to make it a little easier for people to read. I've also inserted some code tags. I have not, however, changed any of the contents of your posts.