Featured resource
Forrester Wave Report 2025
Pluralsight named a Leader in the Forrester Wave™

Our tech skill development platform earned the highest scores possible across 11 criteria.

Learn more
  • Labs icon Lab
  • Cloud
  • Security
Google Cloud Platform icon
Labs

Troubleshooting SELinux on Files and Directories

Understanding how to fix potential SELinux issues is important. This lab will present an SELinux problem and allow us to work through the solution, getting us familiar with where to look and how to fix problems.

Google Cloud Platform icon
Labs

Path Info

Level
Clock icon Intermediate
Duration
Clock icon 30m
Published
Clock icon Jan 24, 2020

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Identify and Fix the Problem on Startup

    Trying to run systemctl start httpd will error. Running journalctl -xe will show lines similar to this:

    Jan 09 20:32:46 Server1 httpd[7107]: (13)Permission denied: AH00091: httpd: could not open error log file /etc/httpd/l>
    Jan 09 20:32:46 Server1 httpd[7107]: AH00015: Unable to open logs
    

    It looks like a problem with the error log file, which is /var/log/httpd/error_log.

    ls -lZ /var/log/httpd/error_log shows:

    -rw-r--r--. 1 root root unconfined_u:object_r:admin_home_t:s0 0 Jan  9 20:17 /var/log/httpd/error_log
    

    So let's use restorecon.

    restorecon /var/log/httpd/error_log
    systemctl start httpd
    

    The service starts!

  2. Challenge

    Fix the Problem with Home Directories

    Based on /etc/httpd/conf.d/userdir.conf we should have a public_html directory in the developer's home directory. Since we don't, let's create it, set the permissions to 755, set the home directory permissions to 711, and see what happens with a test file:

    mkdir /home/developer/public_html
    chmod 0755 /home/developer/public_html
    chmod 0711 /home/developer
    touch /home/developer/public_html/file
    curl localhost/~developer/file
    

    We're still getting an error. Looking at /var/log/audit/audit.log, we see an AVC denial for the file we're trying to load, so it's SELinux related.

    The contexts are correct, but the enable homedir boolean defaults to off.

    setsebool httpd_enable_homedirs on

    Now the curl should work correctly.

  3. Challenge

    Make Sure the index.html in the Developer's Home Directory public_html is Able to be Displayed

    The instructions say to move the index page, so let's do it:

    mv /home/developer/index.html /home/developer/public_html/index.html
    curl localhost/~developer/index.html
    

    That failed. Let's look at SELinux contexts.

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.