Welcome! Log In Create A New Profile

Advanced

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

November 01, 2014 12:47PM
I've verified that the update to Centos 6.6 does indeed relabel nginx related directories/files during yum update. And a restart of the nginx process will now have the label "httpd_t". Someone in RH decided to make the nginx webserver follow the same SELinux policy rules as Apache.

OK, that works fine so long as all the needed directories/files are in the expected places. It also opens up some standard approaches for common options. For example,

I place my web site files under /home/webs/. I can make that work by setting a boolean (the -P makes this persist across reboots)
# setsebool -P httpd_enable_homedirs on


I also wanted to use a non-standard port 8088 for PHPMyAdmin. I achieve that with
# semanage port -a -t http_port_t -p tcp 8088

Other things:
I want to place my log files in a new location, not /var/log/nginx. I can use the semanage and restorecon lines shown above by bdwyertech, and that works fine for nginx. But logrotate and logwatch fail. So now I need to create new policies for them using the same audit2allow approach that you already mentioned but with different policy names.

I use a unix socket to connect with php-fpm. That has to be in a standard directory too. For now I put it in /var/run/.

Finally, PHPMyAdmin uses PHP sessions and my session directory is in a non-standard location. Again I had to use semanage and restorecon to make the session directory usable.

Whew! It all works now.
In future, perhaps I should let all directories/files stay in their default locations.

Richard
Subject Author Posted

CentOS 6.6, SELinux breaks Nginx 1.6.0

mevans336 October 30, 2014 10:48AM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

dewanggaba October 30, 2014 01:16PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

mevans336 October 30, 2014 02:05PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

dewanggaba October 30, 2014 02:26PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

mevans336 October 30, 2014 02:59PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

richardm October 30, 2014 04:18PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

mevans336 October 31, 2014 11:10AM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

bdwyertech October 31, 2014 01:48PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

bdwyertech October 31, 2014 01:51PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

richardm November 01, 2014 12:47PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

mevans336 November 02, 2014 01:36PM

Re: CentOS 6.6, SELinux breaks Nginx 1.6.0

richardm November 01, 2014 12:57PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 111
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready