c7e513243d
Currently when selinux is enabled, nginx fails with permission denied on /httpboot, and could not bind to address errors. To fix port issues: add the right rule to selinux To fix permission issues: add the right policies and custom modules to selinux Change-Id: Ieb5afe758981940a04c5076d2cebd6746db57da1
20 lines
439 B
Plaintext
20 lines
439 B
Plaintext
module ironic_policy 1.0;
|
|
|
|
require {
|
|
type httpd_t;
|
|
type root_t;
|
|
type default_t;
|
|
class file open;
|
|
class file read;
|
|
class file getattr;
|
|
}
|
|
|
|
|
|
#============= httpd_t ==============
|
|
|
|
#!!!! This avc can be allowed using the boolean 'daemons_dump_core'
|
|
allow httpd_t root_t:file open;
|
|
allow httpd_t default_t:file open;
|
|
allow httpd_t root_t:file { read getattr };
|
|
allow httpd_t default_t:file open;
|