Nginx/SELinux problems

1 post / 0 new
#1 Thu, 01/26/2017 - 14:48

Nginx/SELinux problems

I had problems when I enabled SELinux after installing Nginx.

I am using latest CentoOS 7 and Virtualmin.

Here is how I made it work:

# semanage fcontext -a -t httpd_log_t "/var/log/virtualmin(/.*)?"
# setsebool -P httpd_read_user_content on

# echo "module nginxfix 1.0;

require {
type httpd_t;
type var_t;
type initrc_t;
class sock_file write;
class unix_stream_socket connectto;

#============= httpd_t ==============

allow httpd_t initrc_t:unix_stream_socket connectto;
allow httpd_t var_t:sock_file write;"  > /tmp/nginxfix.te

# checkmodule -M -m -o  /tmp/nginxfix.mod  /tmp/nginxfix.te
# semodule_package -o  /tmp/nginxfix.pp -m  /tmp/nginxfix.mod
# semodule -i  /tmp/nginxfix.pp

However, I am not sure about enabling writing/connecting to all socket files. Is there a better way to solve it?

I made bug reports here: and here: