Bug 1017364
Summary: | SELinux is preventing /usr/sbin/nginx from 'setattr' accesses on the file /home/mikhail/logs/nginx_access.log. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Mikhail <mikhail.v.gavrilov> |
Component: | policycoreutils | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 20 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, mikhail.v.gavrilov |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:a24aff20d5e7b60d039e0b80014ca3f6a9b2e46e09016d75df4c4f145ab42892 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-10-24 14:40:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Mikhail
2013-10-09 17:41:36 UTC
Why is "nginx_access.log" stored in your homedir? Because I liked storing web application in home folder. It's easy for developing, update and safety. server { if ($request_method !~ ^(GET|POST)$ ) { return 200; } listen 127.0.0.1:80; server_name localhost; root /home/mikhail/www; error_log /home/mikhail/logs/nginx_error.log; access_log /home/mikhail/logs/nginx_access.log; location / { index index.php index.html index.htm; } #pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } } OK, then you can allow it using : # semanage fcontext -a -t http_sys_content_rw_t '/home/mikhail/logs(/.*)?' # restorecon -R -v /home/mikhail as Daniel recommended to you in previous thread. Can you add to SE Linux troubleshooter plugin which can do it automatically? Well I would advise people not to do this, so I do not want a plugin to do it. Having random directories in the homedir being written to by network apps it not a great idea. # semanage fcontext -a -t http_sys_content_rw_t '/home/mikhail/logs(/.*)?' ValueError: Type http_sys_content_rw_t is invalid, must be a file or device type # semanage fcontext -a -t httpd_sys_rw_content_t '/home/mikhail/logs(/.*)?' |