commit: e79f1f685bd0e7361828c4ddc59c13e17faa20ef
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sat Apr 11 08:05:19 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Apr 11 09:48:53 2015 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e79f1f68
allow nginx to connect to uwsgi
policy/modules/contrib/nginx.te | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/policy/modules/contrib/nginx.te b/policy/modules/contrib/nginx.te
index 3a30d69..be59bab 100644
--- a/policy/modules/contrib/nginx.te
+++ b/policy/modules/contrib/nginx.te
@@ -157,3 +157,13 @@ tunable_policy(`nginx_can_network_connect',`
optional_policy(`
phpfpm_stream_connect(nginx_t)
')
+
+ifdef(`distro_gentoo',`
+
+ # needs to be able to signal its children
+ allow nginx_t self:process { signal sigchld };
+
+ optional_policy(`
+ uwsgi_stream_connect(nginx_t)
+ ')
+')
