sudo cat /var/log/audit/audit.log | grep nginx | grep denied | sudo audit2allow -M nginx
cat nginx.te
module nginx 1.0;
require {
type unlabeled_t;
type httpd_t;
class dir read;
class file { getattr read };
}
#============= httpd_t ==============
#!!!! This avc is allowed in the current policy
allow httpd_t unlabeled_t:dir read;
allow httpd_t unlabeled_t:file read;
#!!!! This avc is allowed in the current policy
allow httpd_t unlabeled_t:file getattr;
semodule -i nginx.pp
systemctl restart nginx
Yorumlar
Yorum Gönder