-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/28/2012 04:22 PM, m.roth at 5-cent.us wrote: > Daniel J Walsh wrote: >> On 11/28/2012 03:18 PM, m.roth at 5-cent.us wrote: >>> I seem to have quieted some, but I'm still getting noise from selinux. >>> Here's one that really puzzles me: my users have a ruby app with >>> passenger running. However, one of the sealerts gives me: sealert -l >>> 5a02b0a1-8512-4f71-b1c8-70a40b090a9d SELinux is preventing /bin/chmod >>> from using the fowner capability. >>> >>> ***** Plugin catchall_boolean (89.3 confidence) suggests >>> ******************* >>> >>> If you want to allow Apache to run in stickshift mode, not transition >>> to passenger Then you must tell SELinux about this by enabling the >>> 'httpd_run_stickshift' boolean.You can read 'httpd_selinux' man page >>> for more details. Do setsebool -P httpd_run_stickshift 1 <...> >>> >>> Is there a boolean I'm missing, or are they doing something wrong? >>> Clues for the poor appreciated. >>> >> Have you turned on this boolean? And did it quiet the AVC's. > > I have not. The reason I'm asking is that I was thinking that it *did* want > to transition to passenger, and was hoping for a clue as to why it was > doing this, rather than make the transition. I've asked the lead developer, > who had no clue. > > The original lead developer left early this year, IIRC. > > mark > I am not sure. Of course are the passenger programs properly labeled as passenger_exec_t? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlC3n8QACgkQrlYvE4MpobPcVACfV1U9HfKgkvXVuyVqDb3X5e70 WAEAoKk/6sb7D/1nYW2NE+IBGfvrlnZc =1K6o -----END PGP SIGNATURE-----