Proper way to set SeLinux with Apache VirtualHost reading from a mount?

Question

I have a mount that I need to setup a VirtualHost from. /opt/foo

When I create the VirtualHost with SeLinux on, Apache reports that the directory does not exist.

When I set SeLinux to permissive mode, it works fine.

What is the proper way to setup my /opt/foo directory so that it will work with Apache and SeLinux when it is enforcing?

Answer 1

The first thing first, permissive mode means that SELinux just log denials into audit log, but nothing is really denied. It is just for debugging and setting your SELinux policy and your system is out of SELinux protection when premissive mode is enabled. Enforing mode is full SELinux functionality with restrictions and also auditing.

In your case, the apache has no access to /opt/foo. See the link https://superuser.com/questions/607409/configuring-selinux-to-allow-logging-to-a-file-thats-outside-var-log

but use the SELinux type 'httpd_sys_content_t' instead of 'var_log_t'.