[CentOS] SELinux is preventing /bin/ps from search access

Fri Sep 14 18:24:42 UTC 2012
m.roth at 5-cent.us <m.roth at 5-cent.us>

James B. Byrne wrote:
>
> On Thu, September 13, 2012 16:06, m.roth at 5-cent.us wrote:
>> CentOS 6.3. *Just* updated, including most current selinux-policy and
>> selinux-policy-targeted. I'm getting tons of these, as in it's just
>> spitting them out when I tail -f /var/log/messages:
>> Sep 13 15:20:51 <server> setroubleshoot: SELinux is preventing /bin/ps
>> from search access on the directory @2. For complete SELinux messages.
>> run
>> sealert -l d92ec78b-3897-4760-93c5-343a662fec67
<snip>
> Are you running httpd with mod_rails (rails passenger) per chance?

Dan Walsh asked me *exactly* the same question. Yep, they've got ruby
apps. As soon as he said that, I googled, and found I needed to set two
booleans, and create a policy - that's a *ton* of allows - for passenger.
Installed it. It finally shut up....

Thanks!

      mark, underwhelmed w/ the need for ruby....