0

I have a libvirt vm running nginx with a shared filesystem mounted in the nginx vm, and I want to expose a directory in that mount. nginx seems to be running fine, and I can access the basic local files and subdirs in /usr/share/nginx/html. I have a symlink from the mount to the default nginx location, via 

ln -sf /mnt/h_drive/ss4/ /usr/share/nginx/html/

..and I can see the ss4 dir from the browser, but when I click on it, I get the "403 Forbidden" and see the following in my /var/log/nginx/error.log

2017/10/18 17:52:16 [error] 30806#0: *1 opendir() "/usr/share/nginx/html/ss4" failed (13: Permission denied), client: xxx.xxx.xxx.xxx, server: _, request: "GET /opt/ss4/ HTTP/1.1", host: "example.com"

if I disable selinux with setenforce 0 I can access everything.

What do I need to do to allow for accessing this mount?

Improve this question

2 Answers 2

Reset to default
1

tips on troubleshooting..

Install as root

$yum install setroubleshoot-server -y

$aureport -a # gives a report on denials

$ausearch -m avc -ts recent #last 10 min

You should be able to update policy

$sudo audit2allow -a

You would see something similar for your own case when the above report is run.

nginx system_u:system_r:httpd_t:s0 5 file getattr unconfined_u:object_r:puppet_etc_t:s0 denied 616

Create policy

$audit2allow -a -M read

Make new policy active

$semodule -i read.pp

Improve this answer
1

I eventually stumbled on the following as a solution:

semanage allow httpd_t nfs_t:dir read;

Thanks to @bell for the tips on troubleshooting, I definitely will be referencing them for future issues!

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .