CentOS 6.6, SELinux breaks Nginx 1.6.0

mevans336 nginx-forum at nginx.us
Thu Oct 30 18:05:04 UTC 2014


That's the thing, I've never needed to set an SELinux policy. These are
single purpose servers, they run Nginx and that's it. I've always installed
Nginx, configured the .conf files for Nginx, and off it went. I've never
needed to disable SELinux and actually, since I perform a minimal install of
SELinux, the policy control tools aren't even installed.

If it were a policy issue, why doesn't a restorecon -v -R fix it? Why would
upgrading from CentOS 6.5 to 6.6 break a policy that I never touched? And
lastly, why wouldn't an uninstall and reinstall of the Nginx package fix
it?

I'm genuinely stumped. 

FWIW, it looks like the files that I created have a different security
context than the files that Nginx drops:

ls -lZ /etc/nginx/conf.d

-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 default.conf
-rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0
default.conf.orig
-rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0 dev-ls.conf
-rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0 dev-web.conf
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 example_ssl.conf
-rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0
example_ssl.conf.orig

The reason I am posting here as well as the CentOS forums, is that we
upgraded our entire development environment to 6.6 and the only 3rd party
program that is having issues is Nginx. Our Java servers are fine, mail
daemons, monitoring servers, etc.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254456,254468#msg-254468



More information about the nginx mailing list