📖 ~1 min read
Table of contents
Symptom & Impact
A web app works when SELinux is permissive but fails in enforcing mode on RHEL 9.
Environment & Reproduction
HTTP 403 errors, backend connection failures, or denied file reads despite correct UNIX permissions.
Root Cause Analysis
Incorrect SELinux labels on content directories or required booleans disabled for network/database access.
Quick Triage
Run ‘sudo ausearch -m avc -ts recent’ and correlate denials with web server timestamps.
Step-by-Step Diagnosis
Apply context rules with semanage fcontext and run ‘sudo restorecon -Rv /var/www’ for consistency.
Solution – Primary Fix
Use ‘sudo getsebool -a | grep httpd’ then set needed options via ‘sudo setsebool -P on’.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
For nonstandard ports, map the port type using ‘sudo semanage port -a -t http_port_t -p tcp ‘.
Verification & Acceptance Criteria
Restart components with ‘sudo systemctl restart httpd’ or your app service to apply label/boolean changes.
Rollback Plan
Use audit2allow only after root-cause review and avoid broad custom modules that weaken policy.
Prevention & Hardening
Check ‘sudo journalctl -u httpd –no-pager -n 100’ and ensure no fresh AVC events appear.
Related Errors & Cross-Refs
Confirm firewalld allows inbound traffic so SELinux troubleshooting is not confused with network filtering.
Related tutorial: View the step-by-step tutorial for rhel-9.
View all rhel-9 tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
Include SELinux context checks in deployment scripts and keep enforcing mode active in all environments.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
