-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/28/2012 04:22 PM, m.roth@5-cent.us wrote:
Daniel J Walsh wrote:
On 11/28/2012 03:18 PM, m.roth@5-cent.us wrote:
I seem to have quieted some, but I'm still getting noise from selinux. Here's one that really puzzles me: my users have a ruby app with passenger running. However, one of the sealerts gives me: sealert -l 5a02b0a1-8512-4f71-b1c8-70a40b090a9d SELinux is preventing /bin/chmod from using the fowner capability.
***** Plugin catchall_boolean (89.3 confidence) suggests
If you want to allow Apache to run in stickshift mode, not transition to passenger Then you must tell SELinux about this by enabling the 'httpd_run_stickshift' boolean.You can read 'httpd_selinux' man page for more details. Do setsebool -P httpd_run_stickshift 1 <...>
Is there a boolean I'm missing, or are they doing something wrong? Clues for the poor appreciated.
Have you turned on this boolean? And did it quiet the AVC's.
I have not. The reason I'm asking is that I was thinking that it *did* want to transition to passenger, and was hoping for a clue as to why it was doing this, rather than make the transition. I've asked the lead developer, who had no clue.
The original lead developer left early this year, IIRC.
mark
I am not sure. Of course are the passenger programs properly labeled as passenger_exec_t?