-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
By default nginx drops as pasted before, nginx never drops the file types as `httpd_config_t`. If you never needed SELinux and didn't familiar with it, just disabled. But, it not recommended to you to disable them. Good luck! On 10/31/2014 01:05, mevans336 wrote: > That's the thing, I've never needed to set an SELinux policy. These > are single purpose servers, they run Nginx and that's it. I've > always installed Nginx, configured the .conf files for Nginx, and > off it went. I've never needed to disable SELinux and actually, > since I perform a minimal install of SELinux, the policy control > tools aren't even installed. > > If it were a policy issue, why doesn't a restorecon -v -R fix it? > Why would upgrading from CentOS 6.5 to 6.6 break a policy that I > never touched? And lastly, why wouldn't an uninstall and reinstall > of the Nginx package fix it? > > I'm genuinely stumped. > > FWIW, it looks like the files that I created have a different > security context than the files that Nginx drops: > > ls -lZ /etc/nginx/conf.d > > -rw-r--r--. root root system_u:object_r:httpd_config_t:s0 > default.conf -rw-r--r--. root root > unconfined_u:object_r:httpd_config_t:s0 default.conf.orig > -rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0 > dev-ls.conf -rw-r--r--. root root > unconfined_u:object_r:httpd_config_t:s0 dev-web.conf -rw-r--r--. > root root system_u:object_r:httpd_config_t:s0 example_ssl.conf > -rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0 > example_ssl.conf.orig > > The reason I am posting here as well as the CentOS forums, is that > we upgraded our entire development environment to 6.6 and the only > 3rd party program that is having issues is Nginx. Our Java servers > are fine, mail daemons, monitoring servers, etc. > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,254456,254468#msg-254468 > > _______________________________________________ nginx mailing list > [email protected] http://mailman.nginx.org/mailman/listinfo/nginx > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) iQEcBAEBAgAGBQJUUoJzAAoJEF1+odKB6YIx1A0H/iPpCFl09X4YFX6Y2C53yClX ywEm8pVJ2HeqMbr3PSPYT2zHW0EgbiICiTHvw+hEAdUAB4g4PNOC3xRlqKabCV0N XzCNKR1jbFYZUiNNTDT90K8AaeB4xnj9hdK00Al9gN37AKpQCLErKTAHGQ1q9Syj l6rYHjoIGLU7rXgvzfFYUCrqQUu1LbsgY8k9hZgws92XhIPHaPrUuWGALv4tUAa9 zkE+AmF8zyHIrfP0jpGO/A+uueepP18QBNnM67DjfFMtfW1O1LAKbg6dARVEBAn/ Kt5HKkjeRXaE+LogL4eUWAqnI5RlLCBrY94WZQ4u84RmdwKu+SFr0djjQ5ebeXE= =/APF -----END PGP SIGNATURE----- _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
