Description of problem: Permissions problems starting nginx (maybe SELinux?). Version-Release number of selected component (if applicable): nginx in F28 How reproducible: always Steps to Reproduce: 1. dnf install nginx 2. systemctl start nginx Actual results: fails journalctl -r -u nginx Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com systemd[1]: Failed to start The nginx HTTP and reverse proxy server. Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com systemd[1]: nginx.service: Failed with result 'exit-code'. Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com systemd[1]: nginx.service: Control process exited, code=exited status=1 Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com nginx[1627]: nginx: configuration file /etc/nginx/nginx.conf test failed Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com nginx[1627]: 2018/03/20 04:13:06 [emerg] 1627#0: mkdir() "/var/lib/nginx/tmp/client_body" failed (13: Permis Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com nginx[1627]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com nginx[1627]: nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Per Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com systemd[1]: Starting The nginx HTTP and reverse proxy server... Mar 20 04:13:03 qeos-5.lab.eng.rdu2.redhat.com systemd[1]: nginx.service: Unit cannot be reloaded because it is inactive. Expected results: works Additional info: ausearch says: time->Tue Mar 20 04:13:06 2018 type=AVC msg=audit(1521533586.479:317): avc: denied { dac_override } for pid=1627 comm="nginx" capability=1 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability permissive=0 ---- time->Tue Mar 20 04:13:06 2018 type=AVC msg=audit(1521533586.519:318): avc: denied { dac_override } for pid=1627 comm="nginx" capability=1 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability permissive=0
*** Bug 1567768 has been marked as a duplicate of this bug. ***
*** Bug 1574519 has been marked as a duplicate of this bug. ***
Nginx will not start while SELinux is in enforcing mode on a new Fedora 28 installation. For those looking for a quick band-aid to the issue, temporarily set SELinux to permissive mode, start Nginx, then set SELinux back to enforcing mode. This will let Nginx start and let's it open write access to its log files. I'm unsure what happens when the logs are rotated with SELinux enforcing, ymmv. Glad to see this issue is now opened to the public. Hoping for a fix on this by the end of the week!
Fix in -testing for this: https://bodhi.fedoraproject.org/updates/FEDORA-2018-afe81d2db1
nginx-1.12.1-8.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-6666e4cf06
nginx-1.12.1-8.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-6666e4cf06
nginx-1.12.1-8.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.