Page MenuHomeDevCentral

Improve SELinux policies for nginx in paas-docker role
ClosedPublic

Authored by dereckson on Oct 27 2018, 23:17.
Tags
None
Referenced Files
F11822040: D1959.id4951.diff
Thu, Sep 25, 00:07
F11820910: D1959.id4957.diff
Wed, Sep 24, 23:27
F11817378: D1959.id4953.diff
Wed, Sep 24, 20:35
Unknown Object (File)
Wed, Sep 24, 02:21
Unknown Object (File)
Fri, Sep 19, 18:29
Unknown Object (File)
Thu, Sep 18, 00:54
Unknown Object (File)
Tue, Sep 16, 23:41
Unknown Object (File)
Tue, Sep 16, 10:55
Subscribers
None

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson created this revision.
Equatower journal
Oct 28 08:32:32 equatower.nasqueron.org kernel: SELinux: 2048 avtab hash slots, 106961 rules.
Oct 28 08:32:32 equatower.nasqueron.org kernel: SELinux: 2048 avtab hash slots, 106961 rules.
Oct 28 08:32:33 equatower.nasqueron.org kernel: SELinux:  8 users, 14 roles, 5014 types, 311 bools, 1 sens, 1024 cats
Oct 28 08:32:33 equatower.nasqueron.org kernel: SELinux:  97 classes, 106961 rules

Allow to read link files too (e.g. Let's encrypt certificate symlink)

dereckson marked 2 inline comments as done.
dereckson added inline comments.
roles/paas-docker/wwwroot-502/init.sls
20

Not recursive: it only applies to /var/wwwroot-502 directory

Apply SELinux policy a recursive way

Use a regex to be recursive

This revision is now accepted and ready to land.Oct 28 2018, 18:56
This revision was automatically updated to reflect the committed changes.