Christoffer Reijer

Asked: 2016-08-10 03:10:41 +0800 CST2016-08-10 03:10:41 +0800 CST 2016-08-10 03:10:41 +0800 CST

What SELinux type should I apply on my Unix socket?

I have a Gunicorn socket file: /opt/rtd/gunicorn/run.sock. I need nginx to be able to open this socket and write to it.

When I run sesearch --allow -s httpd_t | grep unix_stream_socket I noticed that httpd_t is allowed to connect to sockets of type httpd_t. But when I try to apply that I get:

# semanage fcontext -a -t httpd_t "/opt/rtd/gunicorn/run.sock"
ValueError: Type httpd_t is invalid, must be a file or device type

I've tried other types I found from sesearch, for example httpd_sys_script_t or even passenger_t. Same result.

What should I set the type to?

I would prefer not to have to create additional policies to allow more than necessary. There must be a way to allow httpd_t to read from a file socket with existing policies in CentOS 7.2, right?

What SELinux type should I apply on my Unix socket?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

What SELinux type should I apply on my Unix socket?

0 Answers