Denied for com='ps' name='stat' {open} {read} {search}

Miroslav Grepl mgrepl at redhat.com
Mon Jan 3 07:59:50 UTC 2011


On 12/31/2010 10:36 PM, Dominick Grift wrote:
> On 12/28/2010 12:45 PM, Daniel J Walsh wrote:
>> On 12/26/2010 05:25 PM, Jorge Fábregas wrote:
>>> On Sunday, December 26, 2010 05:25:22 pm Dominick Grift wrote:
>>>>   is trying to read the state files in /proc for some unconfined_t process
>>> Never thought of /proc.  That explains why I found it weird to see a file
>>> labeled as unconfined_t.
>>> Frank: disregard my previous suggestion >:)
>>> --
>>> Jorge
>>> --
>>> selinux mailing list
>>> selinux at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>> What OS/Version are you seeing this in?
> dwalsh: looks like Fedora's passenger policy only works for passenger 2.*
>
> Recently it seems version 3.* was released, which introduced some major
> changes, causing Fedora policy for passenger to completely break.
>
> I started work on a version 3 compatible policy but it is not advancing
> at all:
>
> http://fedorapeople.org/gitweb?p=domg472/public_git/ruby.git;a=summary
I have already added some support for version 3 to the F13/RHEL6 policy.
I will also add it to the F14/F15 policy.

Generally I work with "passenger guys" on SELinux policy.

Also I am planning to talk with Michal Fojtik to update his blog.
> Also to Miroslav: I noticed you have designed the current policy for
> passenger with /var/lib/passenger as the webapp document root. I am of
> the opinion however that passenger/ror webapps should be labelled
> https_sys/user/*_script_exec_t just like any other webapp.


