32.Lock Code Circular

SELinux can make it a challenge to get newly installed or custom applications to run because it blocks them from having access to certain directories in the file system hierarchy. Instead of disabling SELinux, the better option is to configure the security system so applications and services can function as expected. This is especially important when you have an application or service that requires a nonstandard configuration.

Take, for example, the Apache web server. Apache on RHEL-based distributions defaults to the /var/httpd directory as the document root and ports 80 (for HTTP) and 443 (for HTTPS) when installed.

Admins who want to use a different directory and port for a website might opt for /srv as the document root and port 8080. Out of the box, SELinux denies those nonstandard options, so they must be configured to work properly.