I have a docker container running a Centos 7 image. All it needs to do is run a simple Apache2 server. When the container starts it exits immediately with:
AH00526: Syntax error on line 119 of /etc/httpd/conf/httpd.conf:
DocumentRoot '/var/www/html' is not a directory, or is not readable
I did some basic checks:
- Folder exists
- Permissions are ```rwx r_x r_x root root```` for each folder /var/www/html
- Tried
chown -R apache /var/www(no straw shall remain unclutched!) - SELinux is disabled (... or is it?)
When I enter the container with a bash entry point, I can then start apache as root with /sbin/httpd -D FOREGROUND and everything works as expected.
So I think its almost certainly a permissions thing. Googling found many pages with my error e.g. Apache restart causes DocumentRoot must be a directory, even though it is a directory and there seem to be no privilege issues This particular page closely describes what I am getting and the solution in almost every page is configure SELinux. However SELinux is disabled. Even in that link there is comment from the OP
My version of linux isn't Security Enhanced Linux, so without understanding I tried it anyway: no effect.
Yet they accepted the solution which was configure SELinux.
I think I am missing something, almost certainly SELinux related, but I can't figure it out. The docker image has the following (distinct lack of) SELinux settings:
- /etc/selinux contains only semanage.conf and tmp/ (empty)
- /usr/sbin contains no se* executables
rpm -qa | grep selinuxlibselinux-2.5-12.el7.x86_64
- /etc/sysconfig/selinux does not exist
- So in the Dockerfile I tried
RUN echo "SELINUX=disabled" > /etc/sysconfig/selinux
- So in the Dockerfile I tried
- doing
yum install -y policycoreutilsinstalls sestatus in /usr/sbin. Running sestatus givesSELinux status: disabled- With or without /etc/sysconfig/selinux
It really looks like SELinux is disabled, yet the error looks so much like it is enabled.
