[CentOS] silencing Passenger "ps" SELinux errors

Wed Mar 27 14:01:56 UTC 2013
Paul Norton <pnorton3.14 at gmail.com>

On 27 March 2013 13:09, ignasr at vault13.lt <ignasr at vault13.lt> wrote:

> Hello,
>
> How do people cope with constant SELinux errors like this from Phusion
> Passenger:
>
> 36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2
> file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922
> 36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir
> getattr unconfined_u:system_r:initrc_t:s0 denied 1927
> 36888. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 dir
> search unconfined_u:system_r:initrc_t:s0 denied 1928
>
> It happens when Passenger v3 tries to determine memory stats with "ps".
> There is an Apache directive to turn it off (
>
> http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMemoryLimit
> ); unfortunately it does not work in the community version of Passenger.
>
> The cause is always ps running as passenger_t trying to read files in
> /proc with various types of security context.
>
> Thank you,
> IgnasR

Hello IgnasR,
I think that you've posted to the wrong list. The app server support list
is here: https://groups.google.com/forum/?fromgroups#!forum/phusion-passenger
Dan Walsh is a great place to start with SELinux:
http://people.redhat.com/dwalsh/
SELinux by Example takes a great theory and hands-on approach:
http://www.amazon.com/SELinux-Example-Using-Security-Enhanced/dp/0131963694

All the best Paul
-- 
*"I know one thing: That I know nothing"* - Socrates
*"We're all explorers here"* - T S Eliot
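
Added example (not from either message in this thread): the three denials quoted above, parsed and grouped by source type, target type and object class, so it is clear which type pairs the `ps` noise actually touches. The column names are labels assumed from the layout of the quoted lines, and the sample has the e-mail line wrapping undone.

```python
import re
from collections import defaultdict

# The three denials quoted in the thread, re-joined after e-mail wrapping.
SAMPLE = """\
36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922
36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir getattr unconfined_u:system_r:initrc_t:s0 denied 1927
36888. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 dir search unconfined_u:system_r:initrc_t:s0 denied 1928
"""

# Column labels are assumptions read off the quoted lines.
ROW = re.compile(
    r"^\s*\d+\.\s+(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<comm>\S+)\s+(?P<subj>\S+)\s+"
    r"(?P<syscall>\S+)\s+(?P<tclass>\S+)\s+(?P<perm>\S+)\s+(?P<obj>\S+)\s+"
    r"(?P<result>\S+)\s+(?P<event>\d+)\s*$"
)

def se_type(context):
    """Return the type field of a user:role:type:level[:categories] context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return parts[2]

def parse(text):
    """Parse report rows into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def summarize(rows, comm=None):
    """Map (source type, target type, class) -> sorted denied permissions."""
    grouped = defaultdict(set)
    for r in rows:
        if r["result"] != "denied":
            continue
        if comm is not None and r["comm"] != comm:
            continue
        key = (se_type(r["subj"]), se_type(r["obj"]), r["tclass"])
        grouped[key].add(r["perm"])
    return {k: sorted(v) for k, v in grouped.items()}

if __name__ == "__main__":
    for (src, tgt, cls), perms in sorted(summarize(parse(SAMPLE), "ps").items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```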