I am a new admin to a server which uses CentOS 7, nginx and php-fpm. There is a web form that needs to read a local file (prod.pem) and then make an outbound connection to either:
gateway.push.apple.com:2195
gateway.sandbox.push.apple.com:2195
In the audit.log, I see the following 2 entries:
type=AVC msg=audit(1465918007.693:406): avc: denied { read } for pid=1796 comm="php-fpm" name="prod.pem" dev="dm-0" ino=19554
type=SYSCALL msg=audit(1465918007.693:406): arch=c000003e syscall=2 success=no exit=-13 a0=7fff2ee13570 a1=0 a2=1b6 a3=24 items=0 ppid=1213 pid=1796 auid=4294967295 uid=997 gid=996 euid=997 suid=997 fsuid=997 egid=996 sgid=996 fsgid=996 tty=(none) ses=4294967295 comm="php-fpm" exe="/usr/sbin/php-fpm" subj=system_u:system_r:httpd_t:s0 key=(null)
My /etc/selinux/config:
SELINUX=enforcing
SELINUXTYPE=targeted
How can I configure SELinux to allow the reading of the file and making an outbound connection? I also want to make sure these are retained across reboots.
This did it for me:
-P makes it persistent across reboots.
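To make the fix concrete, here is an added example (not code from the question or the answer above) that turns each AVC line into the persistent remediation it calls for: a file-context change for the denied read of prod.pem, and the httpd_can_network_connect boolean for the outbound TCP connect that php-fpm will attempt next. The path /var/www/app/keys/prod.pem and the tcontext values in the log lines are assumptions; the question's own AVC line does not show the file's label, and the name_connect line is constructed to show what the second denial looks like once the read succeeds.

```shell
#!/bin/sh
# Added example: map SELinux AVC denials for php-fpm (httpd_t) to persistent fixes.
# Assumed path (not from the page): /var/www/app/keys/prod.pem
# The two log lines below are constructed samples modelled on the question's audit.log entry.
AVC_READ='type=AVC msg=audit(1465918007.693:406): avc:  denied  { read } for  pid=1796 comm="php-fpm" name="prod.pem" dev="dm-0" ino=19554 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file'
AVC_CONNECT='type=AVC msg=audit(1465918100.101:410): avc:  denied  { name_connect } for  pid=1796 comm="php-fpm" dest=2195 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket'
AVC_LOG="$AVC_READ
$AVC_CONNECT"

# avc_field LINE FIELD: print the value of FIELD=value (quotes stripped), or nothing.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p"
}

# avc_perm LINE: print the denied permission inside "{ ... }", e.g. read or name_connect.
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([a-z_]*\) *}.*/\1/p'
}

# remediation_for LINE PEM_PATH: print the shell commands that fix this denial persistently.
#  - a read denial on a file: give the key a type httpd_t may read and record it in the
#    file-context database (semanage -a persists, restorecon applies it now)
#  - a name_connect denial on a tcp_socket: flip the boolean with -P so it survives reboots
remediation_for() {
    line=$1
    pem=$2
    case "$(avc_field "$line" tclass)/$(avc_perm "$line")" in
        file/read)
            printf 'semanage fcontext -a -t httpd_sys_content_t %s\n' "$pem"
            printf 'restorecon -v %s\n' "$pem" ;;
        tcp_socket/name_connect)
            printf 'setsebool -P httpd_can_network_connect on\n' ;;
        *)
            printf '# no canned fix for: %s\n' "$line" ;;
    esac
}

# plan PEM_PATH: emit the full remediation for every line in AVC_LOG.
plan() {
    printf '%s\n' "$AVC_LOG" | while IFS= read -r line; do
        remediation_for "$line" "$1"
    done
}

# Usage: sh selinux-fix.sh /var/www/app/keys/prod.pem            # print the plan
#        sh selinux-fix.sh /var/www/app/keys/prod.pem | sudo sh  # apply it
if [ -n "$1" ]; then
    plan "$1"
fi
```

After applying the plan, confirm it with `ls -Z /var/www/app/keys/prod.pem` (expect httpd_sys_content_t), `getsebool httpd_can_network_connect` (expect on), and `ausearch -m avc -ts recent` after exercising the form (expect no new httpd_t denials). Note that httpd_can_network_connect opens all outbound TCP for httpd_t, not just port 2195; it is the common fix for push-gateway traffic but it is broad, so keep the key readable by nothing else and make sure the directory is not under a location nginx serves. If the denied read comes from a file under a home directory, the file-context change above is still the right fix; booleans like httpd_read_user_content would allow far more than this one key.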