Page MenuHomeDevCentral

Allow nginx to access container_file_t certificates on Docker engines
ClosedPublic

Authored by dereckson on Feb 14 2020, 01:09.
Tags
None
Referenced Files
F34462438: D2205.id5547.diff
Wed, Jul 1, 09:13
Unknown Object (File)
Mon, Jun 29, 03:46
Unknown Object (File)
Fri, Jun 26, 18:39
Unknown Object (File)
Sun, Jun 21, 07:29
Unknown Object (File)
Sat, Jun 20, 18:26
Unknown Object (File)
Fri, Jun 19, 23:48
Unknown Object (File)
Fri, Jun 19, 16:26
Unknown Object (File)
Fri, Jun 19, 13:42
Subscribers
None

Details

Summary

When upgrading CentOS 8, nginx lost capability to read Let's Encrypt
fullchain.pem and privkey.pem files, both with container_file_t context
as they are managed by a Certbot container.

This change updates the SELinux policy to allow this operation.

Ref T1592

Test Plan

Tested on Equatower

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable