-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 09/14/2012 02:24 PM, m.roth@5-cent.us wrote:
James B. Byrne wrote:
On Thu, September 13, 2012 16:06, m.roth@5-cent.us wrote:
CentOS 6.3. *Just* updated, including most current selinux-policy and selinux-policy-targeted. I'm getting tons of these, as in it's just spitting them out when I tail -f /var/log/messages: Sep 13 15:20:51 <server> setroubleshoot: SELinux is preventing /bin/ps from search access on the directory @2. For complete SELinux messages. run sealert -l d92ec78b-3897-4760-93c5-343a662fec67
<snip> > Are you running httpd with mod_rails (rails passenger) per chance?
Dan Walsh asked me *exactly* the same question. Yep, they've got ruby apps. As soon as he said that, I googled, and found I needed to set two booleans, and create a policy - that's a *ton* of allows - for passenger. Installed it. It finally shut up....
Thanks!
mark, underwhelmed w/ the need for ruby....
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Only one rule required.
You can either add
domain_read_all_domains_state(httpd_t) or domain_dontaudit_read_all_domains_state(httpd_t)
We are putting fixes in for this in Fedora and soon into RHEL, for the upcoming openshift policy which also uses passenger.