Diffusion Nasqueron Operations 1c5a10f2ffd7

Allow nginx to access container_file_t certificates on Docker engines
1c5a10f2ffd7
Actions

Description

Allow nginx to access container_file_t certificates on Docker engines

Summary:
When upgrading CentOS 8, nginx lost capability to read Let's Encrypt
fullchain.pem and privkey.pem files, both with container_file_t context
as they are managed by a Certbot container.

This change updates the SELinux policy to allow this operation.

Ref T1592

Test Plan: Tested on Equatower

Reviewers: dereckson

Reviewed By: dereckson

Maniphest Tasks: T1592

Differential Revision: https://devcentral.nasqueron.org/D2205

Details

Provenance

dereckson	Authored on Feb 14 2020, 01:20
dereckson	Pushed on Feb 14 2020, 01:28

Reviewer

dereckson

Differential Revision

D2205: Allow nginx to access container_file_t certificates on Docker engines

Parents

rOPS51b42a7711de: Create swap file if no swap partition exist

Branches

Unknown

Tags

Unknown

Tasks

T1592: Upgrade Docker engines to CentOS 8.1

Event Timeline

dereckson committed rOPS1c5a10f2ffd7: Allow nginx to access container_file_t certificates on Docker engines (authored by dereckson).Feb 14 2020, 01:28

dereckson added an edge: D2205: Allow nginx to access container_file_t certificates on Docker engines.

dereckson added a task: T1592: Upgrade Docker engines to CentOS 8.1.

Changes (1)

Path

Size

roles/

paas-docker/

nginx/

files/

selinux/

nginx.te

rOPS1c5a10f2ffd7

View Options

roles/paas-docker/nginx/files/selinux/nginx.te