CentOS 6.6, SELinux breaks Nginx 1.6.0

Dewangga dewanggaba at xtremenitro.org
Thu Oct 30 18:24:51 UTC 2014

Hash: SHA1


By default nginx drops as pasted before, nginx never drops the file
types as `httpd_config_t`.

If you never needed SELinux and didn't familiar with it, just
disabled. But, it not recommended to you to disable them. Good luck!

On 10/31/2014 01:05, mevans336 wrote:
> That's the thing, I've never needed to set an SELinux policy. These
> are single purpose servers, they run Nginx and that's it. I've
> always installed Nginx, configured the .conf files for Nginx, and
> off it went. I've never needed to disable SELinux and actually,
> since I perform a minimal install of SELinux, the policy control
> tools aren't even installed.
> If it were a policy issue, why doesn't a restorecon -v -R fix it?
> Why would upgrading from CentOS 6.5 to 6.6 break a policy that I
> never touched? And lastly, why wouldn't an uninstall and reinstall
> of the Nginx package fix it?
> I'm genuinely stumped.
> FWIW, it looks like the files that I created have a different
> security context than the files that Nginx drops:
> ls -lZ /etc/nginx/conf.d
> -rw-r--r--. root root system_u:object_r:httpd_config_t:s0
> default.conf -rw-r--r--. root root
> unconfined_u:object_r:httpd_config_t:s0 default.conf.orig 
> -rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0
> dev-ls.conf -rw-r--r--. root root
> unconfined_u:object_r:httpd_config_t:s0 dev-web.conf -rw-r--r--.
> root root system_u:object_r:httpd_config_t:s0 example_ssl.conf 
> -rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0 
> example_ssl.conf.orig
> The reason I am posting here as well as the CentOS forums, is that
> we upgraded our entire development environment to 6.6 and the only
> 3rd party program that is having issues is Nginx. Our Java servers
> are fine, mail daemons, monitoring servers, etc.
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,254456,254468#msg-254468
> _______________________________________________ nginx mailing list 
> nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Version: GnuPG v2.0.17 (MingW32)


More information about the nginx mailing list