Nginx And SELinux On CentOS 7

Home » CentOS » Nginx And SELinux On CentOS 7

January 1, 2020 Niki Kovacs CentOS 2 Comments

Hi,

I’m currently fiddling with Nginx on CentOS 7. Eventually I want to use it instead of Apache on some servers.

Apache works more or less out of the box with SELinux. My websites are all stored under /var/www, and ls -Z shows me that all files created under /var/www are correctly labeled httpd_sys_content_t.

On my sandbox server I don’t have Apache (httpd) installed, only Nginx (the nginx package from EPEL).

I manually created the /var/www directory and put a handful of static websites in there to play around with. Curiously enough, I got a SELinux alert.

I took a peek in /var/www, and here’s what the SELinux context looks like:

unconfined_u:object_r:var_t:s0

Now I’m a bit puzzled. Is the correct httpd_sys_content_t context only applied if the httpd package is installed? How else can I explain this strange behavior?

Any suggestions?

Niki
—
Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Site : https://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12

2 thoughts on - Nginx And SELinux On CentOS 7

Have used Nginx on Fedora with SELinux. Perhaps first try putting your sites in the default document root, /usr/share/nginx/html

Le 01/01/2020 à 13:54, Benson Muite a écrit :

After some experimenting, I found the answer.

When I create /var/www manually, ls -Z shows me that it’s labled var_t.

But /var/www default context is httpd_sys_content_t, according to matchpathcon.

So a simple restorecon on that directory did the trick:

$ sudo mkdir -v /var/www mkdir: created directory ‘/var/www’
$ ls -dZ /var/www/
drwxr-xr-x. root root unconfined_u:object_r:var_t:s0 /var/www/
$ matchpathcon /var/www
/var/www system_u:object_r:httpd_sys_content_t:s0
$ sudo restorecon -R -v /var/www/
restorecon reset /var/www context unconfined_u:object_r:var_t:s0
->unconfined_u:object_r:httpd_sys_content_t:s0

Cheers,

Niki

—
Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Site : https://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12

Benson Muite says:

January 1, 2020 at 6:54 am

Have used Nginx on Fedora with SELinux. Perhaps first try putting your sites in the default document root, /usr/share/nginx/html
Niki Kovacs says:

January 1, 2020 at 7:13 am

Le 01/01/2020 à 13:54, Benson Muite a écrit :

After some experimenting, I found the answer.

When I create /var/www manually, ls -Z shows me that it’s labled var_t.

But /var/www default context is httpd_sys_content_t, according to matchpathcon.

So a simple restorecon on that directory did the trick:

$ sudo mkdir -v /var/www mkdir: created directory ‘/var/www’
$ ls -dZ /var/www/
drwxr-xr-x. root root unconfined_u:object_r:var_t:s0 /var/www/
$ matchpathcon /var/www
/var/www system_u:object_r:httpd_sys_content_t:s0
$ sudo restorecon -R -v /var/www/
restorecon reset /var/www context unconfined_u:object_r:var_t:s0
->unconfined_u:object_r:httpd_sys_content_t:s0

Cheers,

Niki

—
Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Site : https://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12

Nginx And SELinux On CentOS 7

2 thoughts on - Nginx And SELinux On CentOS 7

Recommended

Recent Posts

Recent Comments

Archives

Categories

Meta