Those permissions look correct.
Do you have anything else running on the server? Have you tried restarting everything (omero, omero-web, nginx)?
Simon
ps -ef | grep nginx
[root@im~]# service nginx start
Starting nginx: [ OK ]
[root@im~]# ps -ef | grep nginx
root 2345 1 0 19:50 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx 2346 2345 0 19:50 ? 00:00:00 nginx: worker process
root 2349 2297 0 19:50 pts/0 00:00:00 grep nginx
[root@im~]# service nginx stop
Stopping nginx: [ OK ]
[root@im~]# nginx
[root@im~]# ps -ef | grep nginx
root 2366 1 0 19:50 ? 00:00:00 nginx: master process nginx
nginx 2367 2366 0 19:50 ? 00:00:00 nginx: worker process
root 2369 2297 0 19:50 pts/0 00:00:00 grep nginx
setenforce 0
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
[root@images2 ~]# setenforce 0
[root@images2 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
type=AVC msg=audit(1420555412.784:47): avc: denied { search } for pid=3386 comm="nginx" name="omero" dev=dm-0 ino=1325803 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1420555412.784:47): arch=c000003e syscall=4 success=no exit=-13 a0=17dc081 a1=7fffa7cf5410 a2=7fffa7cf5410 a3=0 items=0 ppid=3385 pid=3386 auid=0 uid=494 gid=492 euid=494 suid=494 fsuid=494 egid=492 sgid=492 fsgid=492 tty=(none) ses=1 comm="nginx" exe="/usr/sbin/nginx" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1420555412.786:48): avc: denied { name_connect } for pid=3386 comm="nginx" dest=4080 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1420555412.786:48): arch=c000003e syscall=42 success=no exit=-13 a0=a a1=17dd6f8 a2=10 a3=7fffa7cf52a0 items=0 ppid=3385 pid=3386 auid=0 uid=494 gid=492 euid=494 suid=494 fsuid=494 egid=492 sgid=492 fsgid=492 tty=(none) ses=1 comm="nginx" exe="/usr/sbin/nginx" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
If you want to allow /usr/sbin/nginx to connect to network port 4080
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p tcp 4080
where PORT_TYPE is one of the following: ldap_port_t, dns_port_t, http_port_t, ocsp_port_t, kerberos_port_t.
...
If you want to allow httpd to read user content
Then you must tell SELinux about this by enabling the 'httpd_read_user_content'boolean.
Do
setsebool -P httpd_read_user_content 1
...
Return to Installation and Deployment
Users browsing this forum: No registered users and 1 guest