
Improve SELinux policies for nginx in paas-docker role
Closed, Public

Authored by dereckson on Oct 27 2018, 23:17.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

dereckson requested review of this revision. Oct 27 2018, 23:17
dereckson created this revision.
dereckson updated this revision to Diff 4952. Oct 27 2018, 23:30

build it, install it

Equatower journal
Oct 28 08:32:32 equatower.nasqueron.org kernel: SELinux: 2048 avtab hash slots, 106961 rules.
Oct 28 08:32:32 equatower.nasqueron.org kernel: SELinux: 2048 avtab hash slots, 106961 rules.
Oct 28 08:32:33 equatower.nasqueron.org kernel: SELinux:  8 users, 14 roles, 5014 types, 311 bools, 1 sens, 1024 cats
Oct 28 08:32:33 equatower.nasqueron.org kernel: SELinux:  97 classes, 106961 rules
dereckson updated this revision to Diff 4953. Oct 28 2018, 08:56

Allow reading link files too (e.g. Let's Encrypt certificate symlink)

dereckson planned changes to this revision. Oct 28 2018, 09:08
dereckson marked 2 inline comments as done.
dereckson added inline comments.
roles/paas-docker/wwwroot-502/init.sls
20

Not recursive: it only applies to the /var/wwwroot-502 directory

dereckson updated this revision to Diff 4954. Oct 28 2018, 09:11

Apply SELinux policy in a recursive way

dereckson updated this revision to Diff 4955. Oct 28 2018, 09:20

Use a regex to be recursive

dereckson accepted this revision. Oct 28 2018, 18:56
This revision is now accepted and ready to land. Oct 28 2018, 18:56
This revision was automatically updated to reflect the committed changes.
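
The "not recursive" inline comment and the later "use a regex" update come down to how SELinux file-context path specs match: each spec is a regular expression anchored at both ends. The following is an added example, not code from this revision; the sample paths other than /var/wwwroot-502 are constructed, and the `(/.*)?` suffix is the conventional recursive form, assumed here because the page does not show the regex that was committed.

```python
import re

# Constructed sample tree; only /var/wwwroot-502 comes from the review above.
SAMPLE_PATHS = [
    "/var/wwwroot-502",
    "/var/wwwroot-502/index.html",
    "/var/wwwroot-502/assets/style.css",
    "/var/wwwroot-502-old/index.html",  # sibling tree that must not be labelled
]


def covered(spec, paths):
    """Return the paths a file-context spec applies to.

    Path specs are regexes anchored at both ends; re.fullmatch
    reproduces that behaviour for these simple patterns.
    """
    pattern = re.compile(spec)
    return [p for p in paths if pattern.fullmatch(p)]


def audit(spec, root, paths):
    """Return (missed, overmatched) for a spec meant to cover `root`.

    missed:      paths at or under root that the spec does not match
    overmatched: paths outside root that the spec matches anyway
    """
    matched = set(covered(spec, paths))
    in_tree = {p for p in paths if p == root or p.startswith(root + "/")}
    return sorted(in_tree - matched), sorted(matched - in_tree)


if __name__ == "__main__":
    root = "/var/wwwroot-502"
    # Bare path, a too-loose suffix, and the conventional recursive suffix.
    for spec in (root, root + ".*", root + "(/.*)?"):
        missed, extra = audit(spec, root, SAMPLE_PATHS)
        print(f"{spec!r}: missed={missed} overmatched={extra}")
```

A new file-context rule only changes the labelling database; files that already exist keep their old label until they are relabelled, for example with `restorecon -R`.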