Page MenuHomeDevCentral

Improve SELinux policies for nginx in paas-docker role
ClosedPublic

Authored by dereckson on Oct 27 2018, 23:17.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 14, 15:18
Unknown Object (File)
Thu, Nov 14, 15:14
Unknown Object (File)
Tue, Nov 12, 09:52
Unknown Object (File)
Mon, Nov 11, 22:06
Unknown Object (File)
Mon, Nov 11, 07:14
Unknown Object (File)
Mon, Nov 11, 06:01
Unknown Object (File)
Thu, Nov 7, 15:21
Unknown Object (File)
Thu, Oct 31, 00:54
Subscribers
None

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson created this revision.
Equatower journal
Oct 28 08:32:32 equatower.nasqueron.org kernel: SELinux: 2048 avtab hash slots, 106961 rules.
Oct 28 08:32:32 equatower.nasqueron.org kernel: SELinux: 2048 avtab hash slots, 106961 rules.
Oct 28 08:32:33 equatower.nasqueron.org kernel: SELinux:  8 users, 14 roles, 5014 types, 311 bools, 1 sens, 1024 cats
Oct 28 08:32:33 equatower.nasqueron.org kernel: SELinux:  97 classes, 106961 rules

Allow to read link files too (e.g. Let's encrypt certificate symlink)

dereckson marked 2 inline comments as done.
dereckson added inline comments.
roles/paas-docker/wwwroot-502/init.sls
20

Not recursive: it only applies to /var/wwwroot-502 directory

Apply SELinux policy a recursive way

Use a regex to be recursive

This revision is now accepted and ready to land.Oct 28 2018, 18:56
This revision was automatically updated to reflect the committed changes.