I seem to have quieted some, but I'm still getting noise from selinux.
Here's one that really puzzles me: my users have a ruby app with passenger
running. However, one of the sealerts gives me:
sealert -l 5a02b0a1-8512-4f71-b1c8-70a40b090a9d
SELinux is preventing /bin/chmod from using the fowner capability.
***** Plugin catchall_boolean (89.3 confidence) suggests
*******************
If you want to allow Apache to run in stickshift mode, not transition to
passenger
Then you must tell SELinux about this by enabling the
'httpd_run_stickshift' boolean.You can read 'httpd_selinux' man page for
more details.
Do
setsebool -P httpd_run_stickshift 1
<...>
Is there a boolean I'm missing, or are they doing something wrong? Clues
for the poor appreciated.
mark