Page MenuHomeDevCentral

Allow nginx to access container_file_t certificates on Docker engines
ClosedPublic

Authored by dereckson on Feb 14 2020, 01:09.
Tags
None
Referenced Files
F3751938: D2205.diff
Sun, Nov 17, 13:52
Unknown Object (File)
Sun, Nov 10, 23:47
Unknown Object (File)
Sun, Nov 3, 17:05
Unknown Object (File)
Sun, Nov 3, 16:10
Unknown Object (File)
Fri, Oct 25, 19:23
Unknown Object (File)
Wed, Oct 23, 05:09
Unknown Object (File)
Oct 15 2024, 03:05
Unknown Object (File)
Oct 13 2024, 16:15
Subscribers
None

Details

Summary

When upgrading CentOS 8, nginx lost capability to read Let's Encrypt
fullchain.pem and privkey.pem files, both with container_file_t context
as they are managed by a Certbot container.

This change updates the SELinux policy to allow this operation.

Ref T1592

Test Plan

Tested on Equatower

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
centos8/update-nginx-policy
Build Status
Buildable 3418
Build 3667: arc lint + arc unit