perfinion · jpds · Apr 5, 2021
diff --git a/policy/modules/contrib/nginx.te b/policy/modules/contrib/nginx.te
@@ -80,7 +80,7 @@ files_runtime_file(nginx_runtime_t)
 allow nginx_t self:fifo_file rw_inherited_fifo_file_perms;
 allow nginx_t self:unix_stream_socket create_stream_socket_perms;
 allow nginx_t self:tcp_socket { listen accept };
-allow nginx_t self:capability { setuid net_bind_service setgid chown };
+allow nginx_t self:capability { dac_override setuid net_bind_service setgid chown };
 
 # conf files
 list_dirs_pattern(nginx_t, nginx_conf_t, nginx_conf_t)