10:48 a.m.
I'm not sure where to start on this one.... I've got a user running ruby,
and a gem called passenger. It creates a socket file in a configured
directory (now /var/tmp/passenger/<blah>/backend/. Selinux is complaining
(it's permissive) that it's a potentially mislabelled file. From the
sealert o/p:
<...>
Source Context root:system_r:httpd_t
Target Context root:object_r:httpd_tmp_t
<...>
The directory context is:
d-ws-wx-wx root root root:object_r:httpd_tmp_t ./
d-ws--x--x root root root:object_r:httpd_tmp_t ../
srw------- root root root:object_r:httpd_tmp_t
backend.ib4gxn1IpkOSkiCP0TviW6AoGO2CXhq0W9SzzVsUVMC0U2Yc9zOvVDr=
So, what should it be, to make the AVC go away, and how would I know what
it should be?
mark
11 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/16/2010 11:48 AM, m.roth(a)5-cent.us wrote:
I'm not sure where to start on this one.... I've got a user
running ruby,
and a gem called passenger. It creates a socket file in a configured
directory (now /var/tmp/passenger/<blah>/backend/. Selinux is complaining
(it's permissive) that it's a potentially mislabelled file. From the
sealert o/p:
<...>
Source Context root:system_r:httpd_t
Target Context root:object_r:httpd_tmp_t
<...>
The directory context is:
d-ws-wx-wx root root root:object_r:httpd_tmp_t ./
d-ws--x--x root root root:object_r:httpd_tmp_t ../
srw------- root root root:object_r:httpd_tmp_t
backend.ib4gxn1IpkOSkiCP0TviW6AoGO2CXhq0W9SzzVsUVMC0U2Yc9zOvVDr=
So, what should it be, to make the AVC go away, and how would I know what
it should be?
mark
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
First we would need to see the avc in order to help you. Secondly why
not use /var/run/passenger instead of /var/tmp
rpm -q selinux-policy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkziuLYACgkQrlYvE4MpobOpzwCeIaf5ABU345T/icyqRbEOupMm
yyUAniKIkzkI/QfFejMs4ou0DwqDrNlb
=axKj
-----END PGP SIGNATURE-----
11:04 a.m.
On 11/16/2010 05:48 PM, m.roth(a)5-cent.us wrote:
I'm not sure where to start on this one.... I've got a user
running ruby,
and a gem called passenger. It creates a socket file in a configured
directory (now /var/tmp/passenger/<blah>/backend/. Selinux is complaining
(it's permissive) that it's a potentially mislabelled file. From the
sealert o/p:
<...>
Source Context root:system_r:httpd_t
Target Context root:object_r:httpd_tmp_t
<...>
The directory context is:
d-ws-wx-wx root root root:object_r:httpd_tmp_t ./
d-ws--x--x root root root:object_r:httpd_tmp_t ../
srw------- root root root:object_r:httpd_tmp_t
backend.ib4gxn1IpkOSkiCP0TviW6AoGO2CXhq0W9SzzVsUVMC0U2Yc9zOvVDr=
So, what should it be, to make the AVC go away, and how would I know what
it should be?
mark
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Mark,
look at
http://mifo.sk/posts/passenger-selinux-for-fedora/
It should help you to run passenger with SELinux ;-).
Also which version of Fedora do you have? The Step 5 is not necessary
for Fedora14+ since the passenger policy is shipped in these releases.
So if you have Fedora 14+ your Step 5 will be:
# restorecon -R -v /var/lib/passenger /var/run/passenger
# restorecon -R -v
/usr/lib/ruby/gems/1.8/gems/passenger-2.2.15/ext/apache2/ApplicationPoolServerExecutable
Regards,
Miroslav
4901
days inactive
4903
days old
selinux@lists.fedoraproject.org
2 comments
3 participants
participants (3)
-
Daniel J Walsh -
mark -
Miroslav Grepl