httpd can't write to folder/file because of SELinux

None of them, at least not by itself. You must either give the directory structure a context of httpd_sys_rw_content_t, or give them a context of public_content_rw_t and enable allow_httpd_anon_write and/or allow_httpd_sys_script_anon_write as follows:

chcon -R -t httpd_sys_rw_content_t /path

See the httpd_selinux(8) man page for details.


Although it is better to label the files and folders with the httpd_sys_rw_content_t where needed, for completeness I figured I'd mention that you can also change the seboolean httpd_unified to 1 to make SELinux ignore this particular context requirement, which is still much better than disabling SELinux as many on the internet would advise.

From the man page:

httpd can be configured to not differentiate file controls based on context, i.e. all files labeled as httpd context can be read/write/execute. Setting this boolean to false allows you to setup the security policy such that one httpd service can not interfere with another.

setsebool -P httpd_unified 0


You will find very good documentation at RedHat on selinux, a 180 page .pdf manual you can download, but the best way to deal with selinux issues is to open a terminal and use the automated tools.

Try:

aureport -a (as root)

Then repeat the problem causing behavior. You will get a nice display of the problem and the ways you may want to consider fixing it (in my case it was a folder that apache could not write to).

aureport starts a reporting program, which will offer you several alternatives when something goes wrong. They are clearly explained by people who speak English. I spent hours on an selinux problem, then got to this little gem in the redhat documentation, and I had the problem fixed in 30 seconds. One of the choices was spot on.

/Len
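
An added example (not part of any answer above, and not Red Hat's tooling): a small shell filter that pulls httpd write denials out of raw AVC records, showing which objects carry a label other than httpd_sys_rw_content_t. The records in SAMPLE_LOG are constructed for illustration, and the function name httpd_write_denials is made up for this example.

```shell
#!/bin/sh
# Added example: list httpd write denials from AVC records.
# SAMPLE_LOG is constructed; on a real host, feed /var/log/audit/audit.log
# (or the output of `ausearch -m avc`) to the function on stdin instead.
SAMPLE_LOG='type=AVC msg=audit(1700000000.101:201): avc:  denied  { write } for  pid=1234 comm="httpd" name="uploads" dev="dm-0" ino=789 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000000.202:202): avc:  denied  { read } for  pid=1234 comm="httpd" name="secret.key" dev="dm-0" ino=790 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.303:203): avc:  denied  { add_name write } for  pid=1240 comm="php-fpm" name="cache.tmp" dev="dm-0" ino=791 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000000.404:204): avc:  denied  { write } for  pid=2000 comm="sshd" name="x" dev="dm-0" ino=792 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0'

# Print "name tclass current_type" for every denial whose source domain is
# httpd_t and whose denied permission set includes a write-like permission.
httpd_write_denials() {
  awk '
    /avc: +denied/ {
      # Isolate the permission list between the braces.
      perms = $0
      sub(/^.*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
      if (perms !~ /(^| )(write|append|create|add_name)( |$)/) next
      name = ""; stype = ""; ttype = ""; tclass = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
        # Contexts are user:role:type:level, so the type is the third field.
        if ($i ~ /^scontext=/) { split($i, s, ":"); stype = s[3] }
        if ($i ~ /^tcontext=/) { split($i, t, ":"); ttype = t[3] }
        if ($i ~ /^tclass=/)   { tclass = $i; sub(/^tclass=/, "", tclass) }
      }
      if (stype == "httpd_t") print name, tclass, ttype
    }'
}

printf '%s\n' "$SAMPLE_LOG" | httpd_write_denials
```

Each output line gives the object name, its class and its current type; objects whose type is not httpd_sys_rw_content_t are the ones the labelling in the first answer applies to.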