CentOS 6.6, SELinux breaks Nginx 1.6.0

Dewangga dewanggaba at xtremenitro.org
Thu Oct 30 18:24:51 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

By default nginx drops as pasted before, nginx never drops the file
types as `httpd_config_t`.

If you never needed SELinux and didn't familiar with it, just
disabled. But, it not recommended to you to disable them. Good luck!

On 10/31/2014 01:05, mevans336 wrote:
> That's the thing, I've never needed to set an SELinux policy. These
> are single purpose servers, they run Nginx and that's it. I've
> always installed Nginx, configured the .conf files for Nginx, and
> off it went. I've never needed to disable SELinux and actually,
> since I perform a minimal install of SELinux, the policy control
> tools aren't even installed.
> 
> If it were a policy issue, why doesn't a restorecon -v -R fix it?
> Why would upgrading from CentOS 6.5 to 6.6 break a policy that I
> never touched? And lastly, why wouldn't an uninstall and reinstall
> of the Nginx package fix it?
> 
> I'm genuinely stumped.
> 
> FWIW, it looks like the files that I created have a different
> security context than the files that Nginx drops:
> 
> ls -lZ /etc/nginx/conf.d
> 
> -rw-r--r--. root root system_u:object_r:httpd_config_t:s0
> default.conf -rw-r--r--. root root
> unconfined_u:object_r:httpd_config_t:s0 default.conf.orig 
> -rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0
> dev-ls.conf -rw-r--r--. root root
> unconfined_u:object_r:httpd_config_t:s0 dev-web.conf -rw-r--r--.
> root root system_u:object_r:httpd_config_t:s0 example_ssl.conf 
> -rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0 
> example_ssl.conf.orig
> 
> The reason I am posting here as well as the CentOS forums, is that
> we upgraded our entire development environment to 6.6 and the only
> 3rd party program that is having issues is Nginx. Our Java servers
> are fine, mail daemons, monitoring servers, etc.
> 
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,254456,254468#msg-254468
> 
> _______________________________________________ nginx mailing list 
> nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJUUoJzAAoJEF1+odKB6YIx1A0H/iPpCFl09X4YFX6Y2C53yClX
ywEm8pVJ2HeqMbr3PSPYT2zHW0EgbiICiTHvw+hEAdUAB4g4PNOC3xRlqKabCV0N
XzCNKR1jbFYZUiNNTDT90K8AaeB4xnj9hdK00Al9gN37AKpQCLErKTAHGQ1q9Syj
l6rYHjoIGLU7rXgvzfFYUCrqQUu1LbsgY8k9hZgws92XhIPHaPrUuWGALv4tUAa9
zkE+AmF8zyHIrfP0jpGO/A+uueepP18QBNnM67DjfFMtfW1O1LAKbg6dARVEBAn/
Kt5HKkjeRXaE+LogL4eUWAqnI5RlLCBrY94WZQ4u84RmdwKu+SFr0djjQ5ebeXE=
=/APF
-----END PGP SIGNATURE-----

More information about the nginx mailing list