On Mon, Mar 03, 2025 at 09:17:40AM +0100, Filippo Bonazzi wrote:
-- nginx will not server files, solution: chcon -R -t httpd_sys_rw_content_t /srv/http I don't think this solution will survive a relabeling. What you should do to support a custom alternative path instead, is to define a context equivalence. In your case I think the standard path should be "/var/www/", so:
$ sudo semanage fcontext --add --equal "/var/www" "/srv/http"
This would add a permanent equivalence between the two folders on your system. Note that you need to relabel after this. Please see the full steps on: https://en.opensuse.org/Portal:SELinux/Common_issues#Non-standard_file_locat... In fact, hold up on doing the above. It looks like this could just be due to bad labeling as well, as suggested by Andrei above. Have you tried simply running $ restorecon -Rv /srv/http
and seeing if that is enough? /srv/http *is* a custom path, but there is some allowance for it in the policy. Note I'm not an expert in web servers or the SELinux policy for them. Filippo -- Filippo Bonazzi Security Engineer suse.com 8257 4398 947A 2DBE F21D 76E6 937A 63F0 5B36 46D9