Diffusion Nasqueron Operations e88093555752

www
e88093555752
Actions

Description

Apply SELinux context type recursively to /var/log/www

Summary:
When restarting nginx on Dwellers, SELinux raised a permission denied
for /var/log/www/error.log. That file had the var_log_t context.

This was particulary a defect as roles/webserver-core/nginx/config
was applied immediately before the restart to prune OCSP config
and should have ensured the context of logs was correct:
selinux.fcontext_policy_applied isn't recursive by default.

Test Plan: Deployed on Dwellers

Reviewers: dereckson

Reviewed By: dereckson

Differential Revision: https://devcentral.nasqueron.org/D3666

Details

Provenance

dereckson	Authored on Fri, Sep 12, 18:41
dereckson	Pushed on Fri, Sep 12, 19:01

Reviewer

dereckson

Differential Revision

D3666: Apply SELinux context type recursively to /var/log/www

Parents

rOPSec6cec890b8e: Allow all users to read RabbitMQ credential to get notifications

Branches

Unknown

Tags

Unknown

References

HEAD -> main

Event Timeline

dereckson committed rOPSe88093555752: Apply SELinux context type recursively to /var/log/www (authored by dereckson).Fri, Sep 12, 19:01

dereckson added an edge: D3666: Apply SELinux context type recursively to /var/log/www.

Changes (1)

Path

Size

roles/

webserver-core/

nginx/

config.sls

rOPSe88093555752

View Options

roles/webserver-core/nginx/config.sls