October 31, 2014 01:48PM
As a follow up, if you are using NginX as a proxy, you might need a few more things. Here is a preliminary template of a type enforcement I've created for NginX to alleviate these issues. You can use this Type Enforcement file to generate an SELinux module, package it up, and load it.

module nginx 1.0;

require {
type httpd_t;
type http_cache_port_t;
type port_t;
class process setrlimit;
class tcp_socket name_connect;
class capability sys_resource;
}

#============= httpd_t ==============

#!!!! This avc can be allowed using one of the these booleans:
# allow_ypbind, httpd_can_network_connect
allow httpd_t port_t:tcp_socket name_connect;

#!!!! This avc can be allowed using one of the these booleans:
# httpd_can_network_relay, httpd_can_network_connect
allow httpd_t http_cache_port_t:tcp_socket name_connect;

#!!!! This avc can be allowed using the boolean 'httpd_setrlimit'
allow httpd_t self:process setrlimit;

#!!!! This avc can be allowed using one of the these booleans:
# httpd_run_stickshift, httpd_setrlimit
allow httpd_t self:capability sys_resource;
Subject Author Posted

CentOS 6.6, SELinux breaks Nginx 1.6.0

mevans336 October 30, 2014 10:48AM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

dewanggaba October 30, 2014 01:16PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

mevans336 October 30, 2014 02:05PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

dewanggaba October 30, 2014 02:26PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

mevans336 October 30, 2014 02:59PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

richardm October 30, 2014 04:18PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

mevans336 October 31, 2014 11:10AM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

bdwyertech October 31, 2014 01:48PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

bdwyertech October 31, 2014 01:51PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

richardm November 01, 2014 12:47PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

mevans336 November 02, 2014 01:36PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

richardm November 01, 2014 12:57PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 157
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready