From noloader at gmail.com  Mon Nov 18 21:34:12 2024
From: noloader at gmail.com (Jeffrey Walton)
Date: Mon, 18 Nov 2024 16:34:12 -0500
Subject: Nginx on Fedora with SELinux
Message-ID: <CAH8yC8kL_e52NG1izAg4sO9uQdUAHAsr+tt8P2otd4-A8t172A@mail.gmail.com>

Hi Everyone,

I'm trying to install Nginx on Fedora 41 with SELinux in enforcing
mode. In my case, the document root is /var/www/html (for historic
reasons). I added /etc/nginx/conf.d/webserver.conf, and specified my
document root. I chown'd -R /var/www to root:nginx. I also chmod'd -R
o-rwx /var/www. Visiting the web server resulted in a 403 [due to
SELinux].

According to /etc/nginx/nginx.conf, the Ngnix document root is
/usr/share/nginx/html. So I `ls -Z /usr/share/nginx/html` and found
the SELinux context of system_u:object_r:httpd_sys_content_t:s0. I
chcon'd -R system_u:object_r:httpd_sys_content_t:s0 /var/www. Visiting
the web server succeeded.

So I am not at the point where I need to make it permanent. But I am
also at the limits of my SELinux knowledge.

Does anyone know how to make the change survive a restorecon or reboot
(and not break things, like the default Nginx install or SELinux
rules)?

Thanks in advance.

Jeff

From 201904-nginx at planhack.com  Mon Nov 18 22:50:56 2024
From: 201904-nginx at planhack.com (201904-nginx at planhack.com)
Date: Mon, 18 Nov 2024 17:50:56 -0500
Subject: Nginx on Fedora with SELinux
In-Reply-To: <CAH8yC8kL_e52NG1izAg4sO9uQdUAHAsr+tt8P2otd4-A8t172A@mail.gmail.com>
Message-ID: <13ca9912-28df-4349-941c-c01191745906@planhack.com>

https://www.mankier.com/8/semanage-fcontext