This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

Nginx/SELinux problems

1 post / 0 new

Topic locked

#1 Thu, 01/26/2017 - 14:48

vstoykov

Nginx/SELinux problems

I had problems when I enabled SELinux after installing Nginx.

I am using latest CentoOS 7 and Virtualmin.

Here is how I made it work:

# semanage fcontext -a -t httpd_log_t "/var/log/virtualmin(/.*)?" 
# setsebool -P httpd_read_user_content on

# echo "module nginxfix 1.0;

require {
    type httpd_t;
 type var_t;
   type initrc_t;
    class sock_file write;
    class unix_stream_socket connectto;
}

#============= httpd_t ==============

allow httpd_t initrc_t:unix_stream_socket connectto;
allow httpd_t var_t:sock_file write;"  > /tmp/nginxfix.te


# checkmodule -M -m -o  /tmp/nginxfix.mod  /tmp/nginxfix.te
# semodule_package -o  /tmp/nginxfix.pp -m  /tmp/nginxfix.mod
# semodule -i  /tmp/nginxfix.pp

However, I am not sure about enabling writing/connecting to all socket files. Is there a better way to solve it?

I made bug reports here: https://www.virtualmin.com/node/45742 and here: https://sourceforge.net/p/webadmin/bugs/4881/