nginx log files have wrong SELinux label on RHEL 8.6
benformosa opened this issue · 2 comments
Bug description
I'm not sure how this situation occurred, but after updating my system to RHEL 8.6, I was unable to start nginx due to incorrect SELinux labels on /var/log/alfresco/nginx.alfresco.access.log
and /var/log/alfresco/nginx.alfresco.error.log
.
My solution was to add an fcontext mapping to change the type to http_log_t
:
sudo semanage fcontext --add --type 'httpd_log_t' '/var/log/alfresco/nginx.*'
sudo restorecon -v /var/log/alfresco/nginx.alfresco.{access,error}.log
Target OS
RHEL 8.6
Ansible error
N/A
Proposal
Include a task to add an fcontext mapping, e.g.
- name: Allow nginx to write log files to /var/log/alfresco
community.general.sefcontext:
target: '/var/log/alfresco/nginx.*'
setype: httpd_log_t
state: present
- name: Apply new SELinux file context to filesystem
ansible.builtin.command: restorecon -iv /var/log/alfresco/nginx.*
Hello, thanks for the feedback.
We currently don't support RHEL 8.6 as per Alfresco platforms matrix of the latest ACS version but thanks for providing a solution that could help anyone in the same situation and that we can integrate in the future once RHEL 8.6 became an official supported platform.
I faced the same issue with RHEL 8.6 and I ended-up with the same conclusion (slightly different config but it's the same base for the fix). Since it's now in the supported list, I created the PR #567 for that.