nginx log files have wrong SELinux label on RHEL 8.6

Question

nginx log files have wrong SELinux label on RHEL 8.6

benformosa opened this issue 2 years ago · 2 comments

Bug description

I'm not sure how this situation occurred, but after updating my system to RHEL 8.6, I was unable to start nginx due to incorrect SELinux labels on /var/log/alfresco/nginx.alfresco.access.log and /var/log/alfresco/nginx.alfresco.error.log.

My solution was to add an fcontext mapping to change the type to http_log_t:

sudo semanage fcontext --add --type 'httpd_log_t' '/var/log/alfresco/nginx.*'
sudo restorecon -v /var/log/alfresco/nginx.alfresco.{access,error}.log

Target OS

RHEL 8.6

Ansible error

N/A

Proposal

Include a task to add an fcontext mapping, e.g.

- name: Allow nginx to write log files to /var/log/alfresco
  community.general.sefcontext:
    target: '/var/log/alfresco/nginx.*'
    setype: httpd_log_t
    state: present

- name: Apply new SELinux file context to filesystem
  ansible.builtin.command: restorecon -iv /var/log/alfresco/nginx.*

Answer 1 · 2022-05-23T08:55:27.000Z

Hello, thanks for the feedback.

We currently don't support RHEL 8.6 as per Alfresco platforms matrix of the latest ACS version but thanks for providing a solution that could help anyone in the same situation and that we can integrate in the future once RHEL 8.6 became an official supported platform.

Answer 2 · 2023-03-31T17:17:07.000Z

I faced the same issue with RHEL 8.6 and I ended-up with the same conclusion (slightly different config but it's the same base for the fix). Since it's now in the supported list, I created the PR #567 for that.