I have a libvirt VM running nginx with a shared filesystem mounted in the nginx VM, and I want to expose a directory in that mount. nginx seems to be running fine, and I can access the basic local files and subdirs in /usr/share/nginx/html. I have a symlink from the mount to the default nginx location, via:
ln -sf /mnt/h_drive/ss4/ /usr/share/nginx/html/
...and I can see the ss4 dir from the browser, but when I click on it, I get the "403 Forbidden" and see the following in my /var/log/nginx/error.log:
2017/10/18 17:52:16 [error] 30806#0: *1 opendir() "/usr/share/nginx/html/ss4" failed (13: Permission denied), client: xxx.xxx.xxx.xxx, server: _, request: "GET /opt/ss4/ HTTP/1.1", host: "example.com"
If I disable SELinux with setenforce 0, I can access everything.
What do I need to do to allow for accessing this mount?
Best Answer
Tips on troubleshooting:
Install as root
$ yum install setroubleshoot-server -y
$ aureport -a # gives a report on denials
$ ausearch -m avc -ts recent # last 10 min
You should be able to update policy
$ sudo audit2allow -a
You would see something similar for your own case when the above report is run.
nginx system_u:system_r:httpd_t:s0 5 file getattr unconfined_u:object_r:puppet_etc_t:s0 denied 616
Create policy
$ audit2allow -a -M read
Make new policy active
$ semodule -i read.pp
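
A review step for the procedure above, as an added example that is not part of the original answer: `audit2allow -a` reads every denial in the audit log, so this script summarizes the denials per process and type before a module is built from them. The function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: list what the AVC denials would allow before building a module.
# Live use (assumes auditd is logging):
#   ausearch -m avc -ts recent --raw | summarize_avc nginx

# Constructed audit.log records. default_t and the chronyd line are made up;
# httpd_t and puppet_etc_t are the types in the answer's sample report line.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1508349136.101:901): avc:  denied  { read } for  pid=30806 comm="nginx" name="ss4" dev="vdb1" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1508349141.552:907): avc:  denied  { read } for  pid=30806 comm="nginx" name="ss4" dev="vdb1" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1508349150.009:912): avc:  denied  { getattr } for  pid=30806 comm="nginx" path="/etc/puppet/puppet.conf" dev="vda1" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:puppet_etc_t:s0 tclass=file
type=AVC msg=audit(1508349200.300:915): avc:  denied  { write open } for  pid=812 comm="chronyd" name="x.log" dev="vda1" ino=90 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
EOF
}

# summarize_avc [COMM]
# Reads raw audit records on stdin and prints one line per distinct denial:
#   count comm source_type target_type class perm[,perm...]
# With COMM given, only denials from that process name are kept.
summarize_avc() {
    awk -v want="${1:-}" '
    /avc:[ ]+denied/ {
        comm = src = tgt = cls = perms = ""
        # The denied permissions sit between the braces.
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }  # user:role:type:level
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (want != "" && comm != want) next
        n[comm " " src " " tgt " " cls " " perms]++
    }
    END { for (k in n) print n[k], k }' | sort
}

# Stand-alone run on the constructed sample.
sample_avc | summarize_avc nginx
```

Run without an argument, the summary also lists the chronyd row, which is the kind of unrelated denial that would end up in read.pp alongside the nginx rules.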