Fix selinux policy on RHEL 8 (#413)

nginx · Jul 24, 2023 · 88ad4b3 · 88ad4b3
1 parent 06e9952
commit 88ad4b3
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 4 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -105,8 +105,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
+      # Change made to fix an issue cause by security fix in Go 1.20.6 & 1.19.11 which was causing TestContainers to fail
+      # https://github.com/testcontainers/testcontainers-go/issues/1359 
         with:
-          go-version-file: 'go.mod'
+           go-version: '1.19.10'
       - name: Run Integration Tests
         run: |
           go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}

diff --git a/scripts/selinux/nginx_agent.pp b/scripts/selinux/nginx_agent.pp
diff --git a/scripts/selinux/nginx_agent.te b/scripts/selinux/nginx_agent.te
@@ -409,13 +409,31 @@ require {
 #============= nginx_agent_t ==============
 files_rw_etc_files(nginx_agent_t)
 
+require {
+	type nginx_agent_t;
+}
+
+#============= nginx_agent_t ==============
+files_read_var_lib_files(nginx_agent_t)
 
 require {
 	type nginx_agent_t;
-    type dosfs_t;
 }
 
 #============= nginx_agent_t ==============
+files_manage_usr_files(nginx_agent_t)
 files_read_var_lib_files(nginx_agent_t)
-allow nginx_agent_t var_lib_t:file write;
-allow nginx_agent_t dosfs_t:filesystem getattr;
+
+require {
+	type nginx_agent_t;
+}
+
+#============= nginx_agent_t ==============
+apache_manage_lib(nginx_agent_t)
+
+require {
+	type nginx_agent_t;
+}
+
+#============= nginx_agent_t ==============
+files_manage_mounttab(nginx_agent_t)