[CentOS] apache, passenger, and selinux

Wed Nov 28 21:22:11 UTC 2012
m.roth at 5-cent.us <m.roth at 5-cent.us>

Daniel J Walsh wrote:
> On 11/28/2012 03:18 PM, m.roth at 5-cent.us wrote:
>> I seem to have quieted some, but I'm still getting noise from selinux.
>> Here's one that really puzzles me: my users have a ruby app with
>> passenger running. However, one of the sealerts gives me:
>>
>> sealert -l 5a02b0a1-8512-4f71-b1c8-70a40b090a9d
>> SELinux is preventing /bin/chmod from using the fowner capability.
>>
>> *****  Plugin catchall_boolean (89.3 confidence) suggests *******************
>>
>> If you want to allow Apache to run in stickshift mode, not transition to passenger
>> Then you must tell SELinux about this by enabling the 'httpd_run_stickshift' boolean.
>> You can read 'httpd_selinux' man page for more details.
>> Do
>> setsebool -P httpd_run_stickshift 1
>> <...>
>>
>> Is there a boolean I'm missing, or are they doing something wrong? Clues
>> for the poor appreciated.
> Have you turned on this boolean?  And did it quiet the AVCs?

I have not. The reason I'm asking is that I was thinking that it *did*
want to transition to passenger, and was hoping for a clue as to why it
was doing this, rather than make the transition. I've asked the lead
developer, who had no clue.

The original lead developer left early this year, IIRC.