selinux prevents httpd from serving content from mounted directories


error message

(13)Permission denied: [client <ipaddress>:<port>] AH00035: access to /index.html denied (filesystem path '/opt/rh/httpd24/root/var/www/html/index.html') because search permissions are missing on a component of the path

fix

run this on the host directory serving the content

chcon  --user system_u --type httpd_sys_content_t -Rv <dir>

if you’ve worked with selinux before, you will know that chcon is a quick but temporary way to apply a context to a file: the context is reset at the next relabel. it is fine to use in places where you do not care too much, for example containers.

if you wish to apply the context to the file/directory permanently, for example to a directory shared by several containers or file servers, where it doesn’t make much sense to run an extra command to set the security context each time a new container is spun up, use the following command. you run it once, and the virtual machines or containers will be able to serve the content correctly.

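semanage fcontext -a -s system_u -t httpd_sys_content_t "<dir>(/.*)?"

the above command adds an entry for the path to the /etc/selinux/targeted/contexts/files/file_contexts.local file, which is used whenever the files are relabelled in the future. the path is a regular expression matched against the whole path, so the (/.*)? suffix is what makes the rule cover everything under <dir> and not just the directory itself. the command does not apply the context immediately; you have to do that manually.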

restorecon -RvF <dir>
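
to confirm the labels took effect, the following added example (not part of the original post) lists every entry under the content directory whose selinux type is not httpd_sys_content_t. the sample listing and the /srv/site path are constructed; on a real host the input comes from stat -c '%C %n'.

```shell
#!/bin/sh
# Added example: list files whose SELinux type is not the one httpd needs.

# Print the type field of a context "user:role:type:level".
# The level may itself contain ':' (s0:c1,c2), so take field 3 only.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "context path" lines on stdin (the format of `stat -c '%C %n'`)
# and print "path<TAB>type" for each entry whose type differs from $1.
find_mislabeled() {
    want=$1
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        got=$(ctx_type "$ctx")
        [ "$got" = "$want" ] || printf '%s\t%s\n' "$path" "$got"
    done
    return 0
}

# Constructed sample listing (not from a real host): one file moved in
# after the relabel still carries a home-directory type.
sample_listing() {
    cat <<'EOF'
system_u:object_r:httpd_sys_content_t:s0 /srv/site
system_u:object_r:httpd_sys_content_t:s0 /srv/site/index.html
unconfined_u:object_r:user_home_t:s0 /srv/site/new page.html
system_u:object_r:httpd_sys_content_t:s0:c1,c2 /srv/site/img/logo.png
EOF
}

# On a real SELinux host, feed it the live labels instead
# (/srv/site is a hypothetical content directory):
#   find /srv/site -exec stat -c '%C %n' {} + | find_mislabeled httpd_sys_content_t
sample_listing | find_mislabeled httpd_sys_content_t
```

an empty result means every entry already carries the expected type; anything listed needs restorecon (or chcon) run over it again.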

reason

selinux only lets httpd serve content that carries the correct security context, here the httpd_sys_content_t type.

courtesy –

https://superuser.com/questions/882594/permission-denied-because-search-permissions-are-missing-on-a-component-of-the-p

https://unix.stackexchange.com/questions/297701/how-to-label-a-newly-created-file-with-system-u
