Miroslav Grepl wrote:
On 11/29/2012 08:00 PM, m.roth@5-cent.us wrote:
Daniel J Walsh wrote:
On 11/28/2012 04:22 PM, m.roth@5-cent.us wrote:
Daniel J Walsh wrote:
On 11/28/2012 03:18 PM, m.roth@5-cent.us wrote:
I seem to have quieted some, but I'm still getting noise from selinux. Here's one that really puzzles me: my users have a ruby app with passenger running. However, one of the sealerts gives me:

sealert -l 5a02b0a1-8512-4f71-b1c8-70a40b090a9d
SELinux is preventing /bin/chmod from using the fowner capability.

***** Plugin catchall_boolean (89.3 confidence) suggests

If you want to allow Apache to run in stickshift mode, not transition to passenger
Then you must tell SELinux about this by enabling the 'httpd_run_stickshift' boolean.You can read 'httpd_selinux' man page for more details.
Do
setsebool -P httpd_run_stickshift 1
<...>
Is there a boolean I'm missing, or are they doing something wrong? Clues for the poor appreciated.
Have you turned on this boolean? And did it quiet the AVCs?
I have not. The reason I'm asking is that I was thinking that it *did* want to transition to passenger, and was hoping for a clue as to why it was doing this, rather than make the transition. I've asked the lead developer, who had no clue.
The original lead developer left early this year, IIRC.
I am not sure. Of course, are the passenger programs properly labeled as passenger_exec_t?
I just tried. I'm on CentOS 6.3, and get

semanage fcontext -a -t passenger_exec_t "/opt/ruby/lib/ruby/gems/1.8/gems/passenger-3.0.15/bin/*"
libsepol.context_from_record: type passenger_exec_t is not defined (No such file or directory).
libsepol.context_from_record: could not create context structure (Invalid argument).
libsemanage.validate_handler: invalid context system_u:object_r:passenger_exec_t:s0 specified for /opt/ruby/lib/ruby/gems/1.8/gems/passenger-3.0.15/bin/* [all files] (Invalid argument).
libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
/usr/sbin/semanage: Could not commit semanage transaction
What does
# rpm -q selinux-policy
selinux-policy-3.7.19-155.el6_3.8.noarch
# seinfo -t |grep passenger
Nothing.
mark