Hi,
I'm currently fiddling with Nginx on CentOS 7. Eventually I want to use it instead of Apache on some servers.
Apache works more or less out of the box with SELinux. My websites are all stored under /var/www, and ls -Z shows me that all files created under /var/www are correctly labeled httpd_sys_content_t.
On my sandbox server I don't have Apache (httpd) installed, only Nginx (the nginx package from EPEL).
I manually created the /var/www directory and put a handful of static websites in there to play around with. Curiously enough, I got a SELinux alert.
I took a peek in /var/www, and here's what the SELinux context looks like:
unconfined_u:object_r:var_t:s0
Now I'm a bit puzzled. Is the correct httpd_sys_content_t context only applied if the httpd package is installed? How else can I explain this strange behavior?
Any suggestions?
Niki
On 1/1/20 2:00 PM, Nicolas Kovacs wrote:
> Hi,
> I'm currently fiddling with Nginx on CentOS 7. Eventually I want to use it instead of Apache on some servers.
> Apache works more or less out of the box with SELinux. My websites are all stored under /var/www, and ls -Z shows me that all files created under /var/www are correctly labeled httpd_sys_content_t.
> On my sandbox server I don't have Apache (httpd) installed, only Nginx (the nginx package from EPEL).
> I manually created the /var/www directory and put a handful of static websites in there to play around with. Curiously enough, I got a SELinux alert.
> I took a peek in /var/www, and here's what the SELinux context looks like:
> unconfined_u:object_r:var_t:s0
> Now I'm a bit puzzled. Is the correct httpd_sys_content_t context only applied if the httpd package is installed? How else can I explain this strange behavior?
> Any suggestions?
Have used Nginx on Fedora with SELinux. Perhaps first try putting your sites in the default document root, /usr/share/nginx/html
> Niki
On 01/01/2020 at 13:54, Benson Muite wrote:
> Have used Nginx on Fedora with SELinux. Perhaps first try putting your sites in the default document root, /usr/share/nginx/html
After some experimenting, I found the answer.
When I create /var/www manually, ls -Z shows me that it's labeled var_t.
But /var/www default context is httpd_sys_content_t, according to matchpathcon.
So a simple restorecon on that directory did the trick:
$ sudo mkdir -v /var/www
mkdir: created directory ‘/var/www’
$ ls -dZ /var/www/
drwxr-xr-x. root root unconfined_u:object_r:var_t:s0 /var/www/
$ matchpathcon /var/www
/var/www system_u:object_r:httpd_sys_content_t:s0
$ sudo restorecon -R -v /var/www/
restorecon reset /var/www context unconfined_u:object_r:var_t:s0 ->unconfined_u:object_r:httpd_sys_content_t:s0
Cheers,
Niki
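
Added example, not part of the thread: a small shell check for the mismatch found above, where a hand-created directory carries var_t while the policy default is httpd_sys_content_t. It compares only the type field, since the restorecon output above leaves the user as unconfined_u although matchpathcon reports system_u. The function names are hypothetical, and the live check assumes GNU `stat -c %C` and `matchpathcon -n` are available.

```shell
#!/bin/sh
# Added example: report paths whose SELinux type differs from the policy default.
# Function names are hypothetical; context strings are user:role:type:level.

# Print the type (third field) of a context string.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Compare an actual and an expected context on the type field only.
# Returns 0 when the types match; prints the drift and returns 1 otherwise.
label_drift() {
    drift_path=$1
    actual_type=$(selinux_type "$2")
    expected_type=$(selinux_type "$3")
    if [ "$actual_type" = "$expected_type" ]; then
        return 0
    fi
    printf '%s: labeled %s, policy default is %s (fix: restorecon -R -v %s)\n' \
        "$drift_path" "$actual_type" "$expected_type" "$drift_path"
    return 1
}

# Live check on an SELinux host: read the on-disk label and the policy default.
# Returns 2 when either tool fails (for example, SELinux tools not installed).
check_path() {
    on_disk=$(stat -c %C "$1") || return 2
    in_policy=$(matchpathcon -n "$1") || return 2
    label_drift "$1" "$on_disk" "$in_policy"
}

# Check every path given on the command line, e.g.: ./check.sh /var/www
for p in "$@"; do
    check_path "$p"
done
```
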