SELinux, vsftpd, home directories and apache
I've come here in desperation pretty much.
Scenario is pretty simple. I have everything running perfectly fine without SELinux turned off.
If I turn it on I have the following problem. I know exactly what's causing it and how to bodge the fix, but I don't want that (or to turn off SELinux).
My box runs a number of web sites (site1....siten)
The sites have a user associated to them (the users are called site1....siten)
The html files for each site are stored under /home/site1/www..../home/siten/www
The logs for each site are stored under /home/site1/log....../home/siten/log
The home directories and the files are labeled with user_home_dir_t and user_home_t respectively
I can use vsftpd to upload/delete/write/read files to those directories with no problems (each user is chroot into their own home directory as they log in)
However, unsurprisingly, apache cannot access the www or the log directories under home and instead fails to load because it can't create log files
If I change all the labeling in the home directories to httpd_sys_content_t then the httpd starts fine and I can see the website, only that then kills the ability to use ftp as the ftpd can't see the newly labeled files.
If I turn off SELinux then apache can write to the log dirs, starts and works and my ftpd can see and upload files.
So there are various answers I've seen around.
1. Stop using SELinux - not what I want to do
2. Stop using SELinux for one or the other daemon and re-label if needed - again not what I want to do
3. Recompile the policy to allow me to do it - tried for both apache.te and ftpd.te and failed with compile errors or it applying and having no effect
Is there any way that I can get the httpd to see and use directories and files labeled as user directories and files? Before you ask, yes I've enabled "Allow httpd to see user home directories" but that, I think, insists files are in public_html directories.
Anyone have any bright ideas?
Many thanks in advance