dickwan dickwan - 1 year ago 88
Apache Configuration Question

Unable to change SELinux security context for the VirtualBox shared folder

I'm facing the following situation. For web development purposes, I've managed to set up a CentOS 7 guest VM with VirtualBox. I've installed a LAMP stack and configured Apache (vhost, added apache member of the group vboxsf, added the firewall rule) to access VirtualBox shared folder.

Configuration setting of the GUEST CentOS 7 VM Guest machine:

Virtual machine hostname: dickwan.dev
Shared Folders:
Name | Read-only | Auto-mount
------------------------------------
dickwan | no | yes
------------------------------------


Networking: NAT (with port forwarding rules)
Port Forwarding Rules:
Name | Protocol | Host IP | Host Port | Guest IP | Guest Port
--------------------------------------------------------------------------------------
HTTP | TCP | . . . | 8080 | . . . | 80
--------------------------------------------------------------------------------------
MariaDB | TCP | . . . | 9306 | . . . | 3306
--------------------------------------------------------------------------------------
SSH | TCP | . . . | 2222 | . . . | 22


Now when in my host machine, I open a browser and navigate to (let us say):

http://dickwan.dev:8080/server-status


I get the message:

Forbidden

You don't have permission to access /server-status on this server.


I've track down the problem to a SELinux security context type problem.
When SELinux is disabled everything works just fine (well... fine yeah hum).

But It feels to me like a bad practice just to shutdown the security feature. I've tried to change the context of the shared folder, but I was not able to conduct the operation

Is there a chance to have access to the shared folder through Apache without deactivating SELinux?

Answer Source

I had a similar problem (except Fedora 20 as host and guest OS). What I did:

sudo mount -t vboxsf shared_folder /media/shared_folder

sudo ln -s /media/shared_folder/ /var/www/

sudo chcon -R --reference=/var/www /var/www/shared_folder

And this works for me :)

Before I've tried to set security context to automatically mounted shared folder (by VirtualBox) but without success thus I mount it manually

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download