sudo cat /var/log/audit/audit.log | grep nginx | grep denied | sudo audit2allow -M nginx cat nginx.te module nginx 1.0; require { type unlabeled_t; type httpd_t; class dir read; class file { getattr read }; } #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t unlabeled_t:dir read; allow httpd_t unlabeled_t:file read; #!!!! This avc is allowed in the current policy allow httpd_t unlabeled_t:file getattr; semodule -i nginx.pp systemctl restart nginx