On 11/19/24 16:49, Jeffrey Walton wrote:
But I don't think the answer is an allow rule. I _think_ /var/ftc-data needs to use httpd_sys_content_t, not var_t.
The "httpd_sys_content_t" selinux context is usually defined in an selinux policy module dependency when apache is installed in fedora. I'm not sure anything specific has been developed for nginx per se. ymmv, whatever selinux policies have been developed and packaged for common server software. It's been a while, things are rather outdated now, but I believe I've had better luck installing apache and just not using it but leaving it installed while running nginx, because the selinux policies that have been developed in the past for apache usually "just work" with nginx, "httpd_sys_content_t"and everything, although I don't know that piggybacking too much software is the "right" solution either.