Initial commit

nginx/selinux/compile.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+checkmodule -M -m -o nginx.mod nginx.te
+semodule_package -o nginx.pp -m nginx.mod
+semodule -i nginx.pp

nginx/selinux/nginx.te

@@ -0,0 +1,13 @@
+module nginx 1.0;
+
+require {
+	type initrc_t;
+	type httpd_t;
+	type var_run_t;
+	class sock_file write;
+	class unix_stream_socket connectto;
+}
+
+#============= httpd_t ==============
+allow httpd_t initrc_t:unix_stream_socket connectto;
+allow httpd_t var_run_t:sock_file write;