commit: e79f1f685bd0e7361828c4ddc59c13e17faa20ef Author: Jason Zaman <jason <AT> perfinion <DOT> com> AuthorDate: Sat Apr 11 08:05:19 2015 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sat Apr 11 09:48:53 2015 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e79f1f68
allow nginx to connect to uwsgi policy/modules/contrib/nginx.te | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/policy/modules/contrib/nginx.te b/policy/modules/contrib/nginx.te index 3a30d69..be59bab 100644 --- a/policy/modules/contrib/nginx.te +++ b/policy/modules/contrib/nginx.te @@ -157,3 +157,13 @@ tunable_policy(`nginx_can_network_connect',` optional_policy(` phpfpm_stream_connect(nginx_t) ') + +ifdef(`distro_gentoo',` + + # needs to be able to signal its children + allow nginx_t self:process { signal sigchld }; + + optional_policy(` + uwsgi_stream_connect(nginx_t) + ') +')