Miroslav wrote:
m.roth(a)5-cent.us wrote:
>> Gag. I hate passenger...
>
>> This is CentOS 6.3
>
>> Does someone have a link to info on what selinux passenger context to set
>> what files to? I see passenger set to lib_t, which I may have done a
>> while back, but the current policy may be more picky. I've looked at the
>> passenger_selinux manpage, and it doesn't suggest what they should be.
The
>> version of ruby my users are on is the old 1.8.7 enterprise,
*not*
>> installed from an rpm, so nothing's correct....
>
> Following myself up, a clarification: I've seen pages that say to set all
> of passenger to httpd_sys_content_t; however, since there's explicitly a
> passenger_*_t, and I *assume* that it allows it to transition to run
> things like ps, and status, I'd like to set them *correctly*, rather than
> as httpd*, and then allow all sorts of things for httpd to do as policy.
labeling.
Thanks, Miroslav. Here's what (once I thought of it) seems like an obvious
question: is there a way, in selinux, to say "I installed this stuff over
here, not in the usual place (say, from a tarball instead of an rpm), but
I want to label everything correctly, something like
<selinuxrelabel> passenger-policy /opt/ruby/gem/etc?
mark