
From what I can tell, nginx is running in the httpd_t security context, while index.html, for instance, has the usr_t one:

$ ps auxZ | grep 'nginx.*worker'
system_u:system_r:httpd_t:s0    nginx    13734  0.0  0.2 112948  3600 ?        S    02:07   0:00 nginx: worker process

$ ls -Z /usr/share/nginx/html/index.html
-rw-r--r--. root root system_u:object_r:usr_t:s0       /usr/share/nginx/html/index.html

I'm running CentOS 7 here, if anything.

1 Answer


From what I can tell:

$ sesearch -A -t usr_t -p read | grep 'httpd_t usr_t'
   allow httpd_t usr_t : file { ioctl read getattr execute execute_no_trans open } ;
   allow httpd_t usr_t : dir { ioctl read getattr lock search open } ;
   allow httpd_t usr_t : lnk_file { read getattr } ;

Which supposedly means that web servers are allowed to access usr_t files. Also, I'm told that usr_t is widely readable.
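Added example, not part of the original question or answer: a small shell helper that parses allow rules in the format quoted above and reports which permissions a domain lacks on a type and class. The function names `missing_perms` and `report`, and the choice of read/open/getattr plus directory search as the minimum for serving a static file, are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Constructed sample input: the three allow rules quoted in the answer above.
SAMPLE_RULES='   allow httpd_t usr_t : file { ioctl read getattr execute execute_no_trans open } ;
   allow httpd_t usr_t : dir { ioctl read getattr lock search open } ;
   allow httpd_t usr_t : lnk_file { read getattr } ;'

# missing_perms SRC TGT CLASS PERM...   (hypothetical helper name)
# Reads "sesearch -A"-style allow rules on stdin and prints, space-separated,
# the requested permissions that no matching rule grants (empty = all granted).
missing_perms() {
    _src=$1; _tgt=$2; _cls=$3; shift 3
    awk -v src="$_src" -v tgt="$_tgt" -v cls="$_cls" -v want="$*" '
        # Turn rule punctuation into spaces so "usr_t : file" and "usr_t:file"
        # both split into: allow SRC TGT CLASS PERM...
        { gsub(/[{};:]/, " ") }
        $1 == "allow" && $2 == src && $3 == tgt && $4 == cls {
            for (i = 5; i <= NF; i++) have[$i] = 1
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++)
                if (!(w[i] in have)) out = out (out == "" ? "" : " ") w[i]
            print out
        }'
}

# report LABEL SRC TGT CLASS PERM... : one human-readable line per check.
report() {
    _label=$1; shift
    _miss=$(printf '%s\n' "$SAMPLE_RULES" | missing_perms "$@")
    if [ -z "$_miss" ]; then echo "$_label: allowed"
    else echo "$_label: denied, missing { $_miss }"; fi
}

# Assumed minimum for serving a static file: read it and traverse its directory.
report "read index.html"   httpd_t usr_t file read open getattr
report "traverse html dir" httpd_t usr_t dir  search getattr
report "write index.html"  httpd_t usr_t file write
# On a live host, feed real policy instead of the sample:
#   sesearch -A -s httpd_t -t usr_t | missing_perms httpd_t usr_t file read open getattr
```

The third check shows what the quoted rules do not grant: httpd_t can read usr_t content but not write to it. These rules cover type enforcement only, so ordinary file mode bits still have to permit the access as well.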
