Bug 489572 - apache fails to start in enforcing -9999 policies
Summary: apache fails to start in enforcing -9999 policies
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux
Hardware: All Linux
Importance: Normal normal
Assignee: Sven Vermeulen (RETIRED)
URL:
Whiteboard: sec-policy r1
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-27 12:04 UTC by Amadeusz Sławiński
Modified: 2014-04-19 19:09 UTC
CC List: 1 user

See Also:
Package list:
Runtime testing required: ---


Attachments

Description Amadeusz Sławiński 2013-10-27 12:04:11 UTC
Enforcing:

apache2          | * /run/apache_ssl_mutex: creating directory
apache2          | * apache2 has detected an error in your setup:
apache2          |[Sun Oct 27 12:57:36.638798 2013] [core:warn] [pid 10949:tid 2878743828288] AH00111: Config variable ${SVN_REPOS_LOC} is not defined
apache2          |[Sun Oct 27 12:57:36.638947 2013] [core:warn] [pid 10949:tid 2878743828288] AH00111: Config variable ${SVN_REPOS_LOC} is not defined
apache2          |AH00526: Syntax error on line 60 of /etc/apache2/modules.d/40_mod_ssl.conf:
apache2          |Invalid Mutex directory in argument file:/run/apache_ssl_mutex
apache2          | * ERROR: apache2 failed to start

Oct 27 12:57:35 maelstrom kernel: [ 3954.619650] type=1400 audit(1382875055.600:471): avc:  denied  { search } for  pid=10936 comm="cgroup-release-" name="/" dev="tmpfs" ino=6847 scontext=system_u:system_r:openrc_cgroup_release_t tcontext=system_u:object_r:tmpfs_t tclass=dir
Oct 27 12:57:36 maelstrom kernel: [ 3955.555117] type=1400 audit(1382875056.535:472): avc:  denied  { getattr } for  pid=10946 comm="apache2" path="/run/apache_ssl_mutex" dev="tmpfs" ino=323332 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Oct 27 12:57:36 maelstrom kernel: [ 3955.685093] type=1400 audit(1382875056.665:473): avc:  denied  { getattr } for  pid=10949 comm="apache2" path="/run/apache_ssl_mutex" dev="tmpfs" ino=323332 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Oct 27 12:57:36 maelstrom kernel: [ 3955.700968] type=1400 audit(1382875056.681:474): avc:  denied  { search } for  pid=10950 comm="cgroup-release-" name="/" dev="tmpfs" ino=6847 scontext=system_u:system_r:openrc_cgroup_release_t tcontext=system_u:object_r:tmpfs_t tclass=dir

Permissive:

apache2          | * Starting apache2 ...
apache2          |[Sun Oct 27 12:58:51.569535 2013] [core:warn] [pid 11132:tid 2803022149440] AH00111: Config variable ${SVN_REPOS_LOC} is not defined
apache2          |[Sun Oct 27 12:58:51.570061 2013] [core:warn] [pid 11132:tid 2803022149440] AH00111: Config variable ${SVN_REPOS_LOC} is not defined            [ ok ]

Oct 27 12:58:51 maelstrom kernel: [ 4030.400570] type=1400 audit(1382875131.363:476): avc:  denied  { search } for  pid=11122 comm="cgroup-release-" name="/" dev="tmpfs" ino=6847 scontext=system_u:system_r:openrc_cgroup_release_t tcontext=system_u:object_r:tmpfs_t tclass=dir
Oct 27 12:58:51 maelstrom kernel: [ 4030.518325] type=1400 audit(1382875131.481:477): avc:  denied  { getattr } for  pid=11129 comm="apache2" path="/run/apache_ssl_mutex" dev="tmpfs" ino=323332 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Oct 27 12:58:51 maelstrom kernel: [ 4030.518937] type=1400 audit(1382875131.482:478): avc:  denied  { getattr } for  pid=11129 comm="apache2" path="/home/amade/zf2-tutorial/public" dev="dm-0" ino=12062032 scontext=system_u:system_r:httpd_t tcontext=staff_u:object_r:user_home_t tclass=dir
Oct 27 12:58:51 maelstrom kernel: [ 4030.729106] type=1400 audit(1382875131.692:479): avc:  denied  { write } for  pid=11132 comm="apache2" name="apache_ssl_mutex" dev="tmpfs" ino=323332 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Oct 27 12:58:51 maelstrom kernel: [ 4030.729118] type=1400 audit(1382875131.692:480): avc:  denied  { add_name } for  pid=11132 comm="apache2" name="ssl-cache.11132" scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Oct 27 12:58:51 maelstrom kernel: [ 4030.729148] type=1400 audit(1382875131.692:481): avc:  denied  { create } for  pid=11132 comm="apache2" name="ssl-cache.11132" scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:initrc_var_run_t tclass=file
Oct 27 12:58:51 maelstrom kernel: [ 4030.729167] type=1400 audit(1382875131.692:482): avc:  denied  { write open } for  pid=11132 comm="apache2" path="/run/apache_ssl_mutex/ssl-cache.11132" dev="tmpfs" ino=330120 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:initrc_var_run_t tclass=file
Oct 27 12:58:51 maelstrom kernel: [ 4030.729188] type=1400 audit(1382875131.692:483): avc:  denied  { remove_name } for  pid=11132 comm="apache2" name="ssl-cache.11132" dev="tmpfs" ino=330120 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Oct 27 12:58:51 maelstrom kernel: [ 4030.729195] type=1400 audit(1382875131.692:484): avc:  denied  { unlink } for  pid=11132 comm="apache2" name="ssl-cache.11132" dev="tmpfs" ino=330120 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:initrc_var_run_t tclass=file



Seems like a labeling problem to me

drwxrwxr-x.  2 root  root  system_u:object_r:initrc_var_run_t         40 Oct 27 12:58 apache_ssl_mutex

After `chcon -t httpd_var_run_t /run/apache_ssl_mutex` apache starts.

Reproducible: Always




Portage 2.2.7 (hardened/linux/amd64/no-multilib/selinux, gcc-4.7.3, glibc-2.17, 3.11.6-hardened x86_64)
=================================================================
System uname: Linux-3.11.6-hardened-x86_64-Intel-R-_Core-TM-_i3_CPU_M_350_@_2.27GHz-with-gentoo-2.2
KiB Mem:     2996988 total,    771008 free
KiB Swap:          0 total,         0 free
Timestamp of tree: Sat, 26 Oct 2013 00:45:01 +0000
ld GNU ld (GNU Binutils) 2.23.2
app-shells/bash:          4.2_p45
dev-lang/python:          2.7.5-r3, 3.2.5-r3, 3.3.2-r2
dev-util/cmake:           2.8.12
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.12.3
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6, 1.13.4, 1.14
sys-devel/binutils:       2.23.2
sys-devel/gcc:            4.7.3-r1, 4.8.1-r1
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.2
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.11 (virtual/os-headers)
sys-libs/glibc:           2.17
Repositories: gentoo local-overlay
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA AdobeFlash-11.x"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=native -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=native -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox selinux sesandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync webrsync-gpg xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/home/amade/overlay"
SYNC=""
USE="X aac acpi alsa amd64 bash-completion berkdb bluetooth bzip2 cli cracklib crypt cxx dbus dri dvd flac gdbm gif gnutls gold gpg hardened iconv icu ipv6 jpeg jpeg2k justify mmx mmxext mng modules mp3 mudflap ncurses nls nptl open_perms opencl opengl openmp pam pax_kernel pcre png readline selinux session sse sse2 sse4_1 sse4_2 ssl ssse3 tcpd threads tiff udev unicode urandom usb v4l vim-syntax xattr xcb xft xinerama zlib zsh-completion" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en en_GB pl" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" QEMU_SOFTMMU_TARGETS="x86_64 ppc" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2013-10-27 18:35:30 UTC
From the logs I reckon that the apache init script creates the /run/apache_ssl_mutex directory?

If so, try adding:

init_daemon_run_dir(httpd_var_run_t, "apache_ssl_mutex")

to your policy. It should tell the policy to automatically transition the directory to httpd_var_run_t when an init script creates it.
Comment 2 Amadeusz Sławiński 2013-10-27 19:15:08 UTC
Yes, this works and seems to persist between reboots.
Comment 3 Amadeusz Sławiński 2013-10-28 13:38:15 UTC
OK, this seems to be more complicated: when I looked more into the /run contents, I noticed some more files which looked suspicious to me.

The problem seems to be /etc/init.d/tmpfiles.setup calling a script (/lib64/rc/sh/tmpfiles.sh) which creates the directory structure in /run; the files describing this structure are located in /usr/lib64/tmpfiles.d.

% ls
apache.conf  mysql.conf    slapd.conf
lvm2.conf    php-fpm.conf  sys-libs:pam:0.conf
% cat *
d /run/apache2 710 root apache
d /run/apache_ssl_mutex
d /run/lock/lvm 0700 root root -
d /run/lvm 0700 root root -
d /var/run/mysqld 0755 mysql mysql -
d /run/php-fpm 755 root root
# openldap runtime directory for slapd.arg and slapd.pid
d /var/run/openldap 0755 ldap ldap -
d /run/sepermit 0755 root root

and some of them seem to be incorrectly labeled
      system_u:object_r:initrc_var_run_t apache2
      system_u:object_r:initrc_var_run_t apache_ssl_mutex
            system_u:object_r:var_lock_t lock
      system_u:object_r:initrc_var_run_t lvm
      system_u:object_r:mysqld_var_run_t mysqld
      system_u:object_r:initrc_var_run_t openldap
      system_u:object_r:initrc_var_run_t php-fpm
      system_u:object_r:initrc_var_run_t sepermit

after restorecon -R -F /run
       system_u:object_r:httpd_var_run_t apache2
       system_u:object_r:httpd_var_run_t apache_ssl_mutex
            system_u:object_r:var_lock_t lock
             system_u:object_r:var_run_t lvm
      system_u:object_r:mysqld_var_run_t mysqld
       system_u:object_r:slapd_var_run_t openldap
             system_u:object_r:var_run_t php-fpm
         system_u:object_r:pam_var_run_t sepermit


/lib64/rc/sh/tmpfiles.sh supports relabeling when files are defined as
z /run/apache2 710 root apache
z /run/apache_ssl_mutex

There are some solutions:
1. provide selinux versions of those files (or maybe just change them all if selinuxized versions work on non-selinux systems)
2. modify /lib64/rc/sh/tmpfiles.sh to relabel unconditionally
3. modify /etc/init.d/tmpfiles.setup to run restorecon on /run

second one seems most logical to me
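Added example (not code from the bug thread or from OpenRC): detection logic that ties AVC denials in the format quoted in the description to the tmpfiles.d entries listed in this comment, flagging directories that a `d` entry created under the generic initrc_var_run_t label (a `z` entry would have been relabeled by tmpfiles.sh). The AVC lines and tmpfiles.d fragment are constructed sample input in the page's formats, not the original log.

```python
import re

# Constructed sample AVC lines in the format quoted in this bug (not the original log).
AVC_LINES = [
    'type=1400 audit(1382875056.535:472): avc:  denied  { getattr } for  pid=10946 comm="apache2" '
    'path="/run/apache_ssl_mutex" dev="tmpfs" ino=323332 scontext=system_u:system_r:httpd_t '
    'tcontext=system_u:object_r:initrc_var_run_t tclass=dir',
    # name-only denial: no absolute path, so it cannot be mapped to an entry
    'type=1400 audit(1382875131.692:481): avc:  denied  { create } for  pid=11132 comm="apache2" '
    'name="ssl-cache.11132" scontext=system_u:system_r:httpd_t '
    'tcontext=system_u:object_r:initrc_var_run_t tclass=file',
    # unrelated denial on a home directory: target type is not initrc_var_run_t
    'type=1400 audit(1382875131.481:477): avc:  denied  { getattr } for  pid=11129 comm="apache2" '
    'path="/home/amade/zf2-tutorial/public" dev="dm-0" ino=12062032 '
    'scontext=system_u:system_r:httpd_t tcontext=staff_u:object_r:user_home_t tclass=dir',
]

# Constructed tmpfiles.d fragment in the "type path [mode uid gid age]" format shown above.
TMPFILES_D = """\
d /run/apache2 710 root apache
d /run/apache_ssl_mutex
z /run/sepermit 0755 root root
# comment lines are skipped
d /var/run/openldap 0755 ldap ldap -
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]+)\}.*?comm="(?P<comm>[^"]*)"'
    r'.*?(?:path|name)="(?P<obj>[^"]*)".*?scontext=(?P<scon>\S+)'
    r'\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)')

def parse_tmpfiles(text):
    """Map each path in a tmpfiles.d fragment to its entry type (d, z, ...)."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith('#'):
            entries[fields[1]] = fields[0]
    return entries

def find_tmpfiles_mislabels(avc_lines, tmpfiles_text):
    """Return sorted (path, entry_type, source_domain) tuples for denials whose target
    still carries initrc_var_run_t and lies under a tmpfiles.d 'd' entry."""
    entries = parse_tmpfiles(tmpfiles_text)
    findings = {}
    for line in avc_lines:
        m = AVC_RE.search(line)
        # the type is always the third field of a context, with or without an MLS level
        if not m or m.group('tcon').split(':')[2] != 'initrc_var_run_t':
            continue
        obj = m.group('obj')
        for path, etype in entries.items():
            if etype == 'd' and (obj == path or obj.startswith(path + '/')):
                findings[path] = (path, etype, m.group('scon').split(':')[2])
    return sorted(findings.values())
```

Each finding is a directory that the policy should either transition to the daemon's own type when initrc_t creates it (as Comment 1 suggests) or that the tmpfiles.d entry should declare with `z`.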
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2013-10-29 17:51:35 UTC
Can you try calling restorecon from within that script? I'm not sure initrc_t has the rights to relabel everything.
Comment 5 Amadeusz Sławiński 2013-10-29 18:10:57 UTC
I added `restorecon -R -F /run` before return

Here are labels after reboot
# ls -1Z /run
       system_u:object_r:httpd_var_run_t apache2
       system_u:object_r:httpd_var_run_t apache_ssl_mutex
       system_u:object_r:crond_var_run_t cron.pid
system_u:object_r:system_dbusd_var_run_t dbus
system_u:object_r:system_dbusd_var_run_t dbus.pid
       system_u:object_r:dhcpc_var_run_t dhcpcd
       system_u:object_r:dhcpc_var_run_t dhcpcd-bond0.pid
     system_u:object_r:dnsmasq_var_run_t dnsmasq.pid
            system_u:object_r:var_lock_t lock
             system_u:object_r:var_run_t lvm
       system_u:object_r:mount_var_run_t mount
      system_u:object_r:mysqld_var_run_t mysqld
       system_u:object_r:slapd_var_run_t openldap
        system_u:object_r:initrc_state_t openrc
             system_u:object_r:var_run_t php-fpm
      system_u:object_r:initrc_var_run_t resolvconf
         system_u:object_r:pam_var_run_t sepermit
         system_u:object_r:xdm_var_run_t slim.pid
              system_u:object_r:devlog_t syslog-ng.ctl
     system_u:object_r:syslogd_var_run_t syslog-ng.pid
        system_u:object_r:udev_var_run_t udev
      system_u:object_r:initrc_var_run_t utmp
Comment 6 Sven Vermeulen (RETIRED) gentoo-dev 2013-12-17 08:54:43 UTC
I've chosen to add in the necessary policy updates for this.

When the initrc_t domain creates directories in a var_run_t labeled directory with specific names, then those directories get the right context set immediately. Applied for apache2, apache_ssl_mutex, lvm, mysqld, openldap, sepermit.

The context for /run/php-fpm probably needs to be set to phpfpm_var_run_t instead, but I don't have php-fpm installed to test.
Comment 7 Sven Vermeulen (RETIRED) gentoo-dev 2014-03-24 19:38:17 UTC
It's in 20140311-r1
Comment 8 Sven Vermeulen (RETIRED) gentoo-dev 2014-04-19 19:09:40 UTC
Stable