Forum List Message List New Topic Print View

dewanggaba

October 30, 2014 02:26PM

Registered: 14 years ago
Posts: 71

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

By default nginx drops as pasted before, nginx never drops the file
types as `httpd_config_t`.

If you never needed SELinux and didn't familiar with it, just
disabled. But, it not recommended to you to disable them. Good luck!

On 10/31/2014 01:05, mevans336 wrote:
> That's the thing, I've never needed to set an SELinux policy. These
> are single purpose servers, they run Nginx and that's it. I've
> always installed Nginx, configured the .conf files for Nginx, and
> off it went. I've never needed to disable SELinux and actually,
> since I perform a minimal install of SELinux, the policy control
> tools aren't even installed.
>
> If it were a policy issue, why doesn't a restorecon -v -R fix it?
> Why would upgrading from CentOS 6.5 to 6.6 break a policy that I
> never touched? And lastly, why wouldn't an uninstall and reinstall
> of the Nginx package fix it?
>
> I'm genuinely stumped.
>
> FWIW, it looks like the files that I created have a different
> security context than the files that Nginx drops:
>
> ls -lZ /etc/nginx/conf.d
>
> -rw-r--r--. root root system_u:object_r:httpd_config_t:s0
> default.conf -rw-r--r--. root root
> unconfined_u:object_r:httpd_config_t:s0 default.conf.orig
> -rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0
> dev-ls.conf -rw-r--r--. root root
> unconfined_u:object_r:httpd_config_t:s0 dev-web.conf -rw-r--r--.
> root root system_u:object_r:httpd_config_t:s0 example_ssl.conf
> -rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0
> example_ssl.conf.orig
>
> The reason I am posting here as well as the CentOS forums, is that
> we upgraded our entire development environment to 6.6 and the only
> 3rd party program that is having issues is Nginx. Our Java servers
> are fine, mail daemons, monitoring servers, etc.
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,254456,254468#msg-254468
>
> _______________________________________________ nginx mailing list
> nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJUUoJzAAoJEF1+odKB6YIx1A0H/iPpCFl09X4YFX6Y2C53yClX
ywEm8pVJ2HeqMbr3PSPYT2zHW0EgbiICiTHvw+hEAdUAB4g4PNOC3xRlqKabCV0N
XzCNKR1jbFYZUiNNTDT90K8AaeB4xnj9hdK00Al9gN37AKpQCLErKTAHGQ1q9Syj
l6rYHjoIGLU7rXgvzfFYUCrqQUu1LbsgY8k9hZgws92XhIPHaPrUuWGALv4tUAa9
zkE+AmF8zyHIrfP0jpGO/A+uueepP18QBNnM67DjfFMtfW1O1LAKbg6dARVEBAn/
Kt5HKkjeRXaE+LogL4eUWAqnI5RlLCBrY94WZQ4u84RmdwKu+SFr0djjQ5ebeXE=
=/APF
-----END PGP SIGNATURE-----

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
CentOS 6.6, SELinux breaks Nginx 1.6.0	mevans336	October 30, 2014 10:48AM
Re: CentOS 6.6, SELinux breaks Nginx 1.6.0	dewanggaba	October 30, 2014 01:16PM
Re: CentOS 6.6, SELinux breaks Nginx 1.6.0	mevans336	October 30, 2014 02:05PM
Re: CentOS 6.6, SELinux breaks Nginx 1.6.0	dewanggaba	October 30, 2014 02:26PM
Re: CentOS 6.6, SELinux breaks Nginx 1.6.0	mevans336	October 30, 2014 02:59PM
Re: CentOS 6.6, SELinux breaks Nginx 1.6.0	richardm	October 30, 2014 04:18PM
Re: CentOS 6.6, SELinux breaks Nginx 1.6.0	mevans336	October 31, 2014 11:10AM
Re: CentOS 6.6, SELinux breaks Nginx 1.6.0	bdwyertech	October 31, 2014 01:48PM
Re: CentOS 6.6, SELinux breaks Nginx 1.6.0	bdwyertech	October 31, 2014 01:51PM
Re: CentOS 6.6, SELinux breaks Nginx 1.6.0	richardm	November 01, 2014 12:47PM
Re: CentOS 6.6, SELinux breaks Nginx 1.6.0	mevans336	November 02, 2014 01:36PM
Re: CentOS 6.6, SELinux breaks Nginx 1.6.0	richardm	November 01, 2014 12:57PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 265

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018