How to ask 'nginx -t' to remove pid file it created?
Maxim Dounin
mdounin at mdounin.ru
Fri Jan 22 15:12:47 UTC 2016
Hello!
On Fri, Jan 22, 2016 at 03:51:05PM +0300, Aleksandr Vinokurov wrote:
> Hi all,
>
> I’ve met with a rather unpleasant behaviour of nginx validation
> process (the one triggered by '-t’ command line option): it
> creates a pid file at the path from the configuration it
> validate, and leave this file alone.
>
> It sounds rather inoffensively until you step in a RHEL7 with
> SELinux and wanted to use Ansible role for installing nginx
> there.
>
> If you call ‘nginx -t -c /etc/nginx/nginx.conf’, then it creates
> a pid file with wrong SELinux context and the presence of this
> pid file breaks the next call to 'systemctl start nginx’. Which
> while failing to start nginx service, removes the pid file. So
> next calls to ‘systemctl start nginx’ will succeed.
[...]
> Is there a way to ask nginx to remove the pid file it created
> during the validation process or not to create it at all?
The file is created to make sure nginx is able to open it for
writing. It can't be removed though, as there may be a running
nginx instance. Note well that the same behaviour also applies to
various other files - e.g., nginx will try to open logs for
writing as well.
Most obvious solution I can see is to avoid calling "nginx -t"
with wrong SELinux context.
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list