Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Google Cloud Platform icon
Labs

Troubleshooting SELinux on Files and Directories

Understanding how to fix potential SELinux issues is important. This lab will present an SELinux problem and allow us to work through the solution, getting us familiar with where to look and how to fix problems.

Try for free Contact sales
Google Cloud Platform icon
Labs

Path Info

Level
Clock icon Intermediate
Duration
Clock icon 30m
Published
Clock icon Jan 24, 2020

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Identify and Fix the Problem on Startup

    Trying to run systemctl start httpd will error. Running journalctl -xe will show lines similar to this:

    Jan 09 20:32:46 Server1 httpd[7107]: (13)Permission denied: AH00091: httpd: could not open error log file /etc/httpd/l>
Jan 09 20:32:46 Server1 httpd[7107]: AH00015: Unable to open logs

    It looks like a problem with the error log file, which is /var/log/httpd/error_log.

    ls -lZ /var/log/httpd/error_log shows:

    -rw-r--r--. 1 root root unconfined_u:object_r:admin_home_t:s0 0 Jan  9 20:17 /var/log/httpd/error_log

    So let's use restorecon.

    restorecon /var/log/httpd/error_log
systemctl start httpd

    The service starts!

  2. Challenge

    Fix the Problem with Home Directories

    Based on /etc/httpd/conf.d/userdir.conf we should have a public_html directory in the developer's home directory. Since we don't, let's create it, set the permissions to 755, set the home directory permissions to 711, and see what happens with a test file:

    mkdir /home/developer/public_html
chmod 0755 /home/developer/public_html
chmod 0711 /home/developer
touch /home/developer/public_html/file
curl localhost/~developer/file

    We're still getting an error. Looking at /var/log/audit/audit.log, we see an AVC denial for the file we're trying to load, so it's SELinux related.

    The contexts are correct, but the enable homedir boolean defaults to off.

    setsebool httpd_enable_homedirs on

    Now the curl should work correctly.

  3. Challenge

    Make Sure the index.html in the Developer's Home Directory public_html is Able to be Displayed

    The instructions say to move the index page, so let's do it:

    mv /home/developer/index.html /home/developer/public_html/index.html
curl localhost/~developer/index.html

    That failed. Let's look at SELinux contexts.

A Cloud Guru - Labs - Troubleshooting SELinux on Files and Directories
Author
A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans