From 77730dfede7fb2c19c1fc9545059a44712272d72 Mon Sep 17 00:00:00 2001
From: Macartur Sousa
Date: Thu, 16 Apr 2015 16:00:04 -0300
Subject: [PATCH] Added nginx permission to write files *.error.log

---
 cookbooks/basics/files/default/nginx.te | 11 +++++++++++
 cookbooks/basics/recipes/nginx.rb | 12 ++++++++++++
 2 files changed, 23 insertions(+), 0 deletions(-)
 create mode 100644 cookbooks/basics/files/default/nginx.te

diff --git a/cookbooks/basics/files/default/nginx.te b/cookbooks/basics/files/default/nginx.te
new file mode 100644
index 0000000..9b3f130
--- /dev/null
+++ b/cookbooks/basics/files/default/nginx.te
@@ -0,0 +1,11 @@
+
+module nginx_integration 1.0;
+
+require {
+ type httpd_log_t;
+ type httpd_t;
+ class file setattr;
+}
+
+#============= httpd_t ==============
+allow httpd_t httpd_log_t:file setattr;
diff --git a/cookbooks/basics/recipes/nginx.rb b/cookbooks/basics/recipes/nginx.rb
index 078d1d8..af5cfcc 100644
--- a/cookbooks/basics/recipes/nginx.rb
+++ b/cookbooks/basics/recipes/nginx.rb
@@ -4,3 +4,15 @@ service 'nginx' do
 action :enable
 supports :restart => true
 end
+
+################################
+# SELinux: allow nginx to use log files
+################################
+cookbook_file '/etc/selinux/local/nginx.te' do
+ notifies :run, 'execute[selinux-nginx]'
+end
+
+execute 'selinux-nginx' do
+ command 'selinux-install-module /etc/selinux/local/nginx.te'
+ action :nothing
+end
-- 
libgit2 0.21.2
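Review bot: The rule `allow httpd_t httpd_log_t:file setattr;` in nginx.te covers every process in the `httpd_t` domain and every file labelled `httpd_log_t`, not only the `*.error.log` files named in the subject, and the module carries no comment saying which denial it answers. It also grants `setattr` rather than write access, so the subject line and the policy do not describe the same thing. `setattr` lets a web-server process change the mode, ownership and timestamps of its own logs, which weakens log integrity if that process is compromised. I would add a header comment such as `# nginx changes attributes of its log files at startup; AVC denial: <paste audit.log line here>` and check whether pre-creating the log files with the owner and mode nginx expects (it likely only adjusts them when they differ) makes the rule unnecessary.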
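Review bot: The `cookbook_file '/etc/selinux/local/nginx.te'` resource sets no owner, group or mode, although the `selinux-nginx` execute compiles this file and loads it into the system policy, so its permissions should be pinned instead of left to defaults: `owner 'root'`, `group 'root'`, `mode '0644'`. The hunk also relies on the `/etc/selinux/local` directory and the `selinux-install-module` helper, neither of which is visible here, so confirm that another recipe provides both before this one runs. Because the execute is `action :nothing` and fires only when the file changes, a module load that fails once is not retried on later runs; a guard built on `semodule -l` would make the resource convergent.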