6 Ağustos 2018 Pazartesi

selinux - nginx


sudo cat /var/log/audit/audit.log | grep nginx | grep denied | sudo audit2allow -M nginx


cat nginx.te

module nginx 1.0;

require {
    type unlabeled_t;
    type httpd_t;
    class dir read;
    class file { getattr read };
}

#============= httpd_t ==============

#!!!! This avc is allowed in the current policy
allow httpd_t unlabeled_t:dir read;
allow httpd_t unlabeled_t:file read;

#!!!! This avc is allowed in the current policy
allow httpd_t unlabeled_t:file getattr;



semodule -i nginx.pp

systemctl restart nginx

Hiç yorum yok:

Yorum Gönder