Denied for com='ps' name='stat' {open} {read} {search}

Miroslav Grepl mgrepl at redhat.com
Mon Jan 3 08:15:28 UTC 2011


On 01/03/2011 07:59 AM, Miroslav Grepl wrote:
> On 12/31/2010 10:36 PM, Dominick Grift wrote:
>> On 12/28/2010 12:45 PM, Daniel J Walsh wrote:
>>> On 12/26/2010 05:25 PM, Jorge Fábregas wrote:
>>>> On Sunday, December 26, 2010 05:25:22 pm Dominick Grift wrote:
>>>>>    is trying to read the state files in /proc for some unconfined_t process
>>>> Never thought of /proc.  That explains why I found it weird to see a file
>>>> labeled as unconfined_t.
>>>> Frank: disregard my previous suggestion >:)
>>>> --
>>>> Jorge
>>>> --
>>>> selinux mailing list
>>>> selinux at lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>> What OS/Version are you seeing this in?
>> dwalsh: looks like Fedora's passenger policy only works for passenger 2.*
>>
>> Recently it seems version 3.* was released, which introduced some major
>> changes, causing Fedora policy for passenger to completely break.
>>
>> I started work on a version 3 compatible policy but it is not advancing
>> at all:
>>
>> http://fedorapeople.org/gitweb?p=domg472/public_git/ruby.git;a=summary
> I have already added some support for version 3 to F13/RHEL6 policy.
> I will add it also to F14/F15 policy.
Well, actually the fixes are already in the latest F14/F15 policy.

But I just treat all with the passenger_t domain. I will look at your policy.
> Generally I work with "passenger guys" on SELinux policy.
>
> Also I am planning to talk with Michal Fojtik to update his blog.
>> Also to Miroslav: I noticed you have designed current policy for
>> passenger with /var/lib/passenger as the webapp document root. I am of
>> the opinion however that passenger/ror webapps should be labelled
>> https_sys/user/*_script_exec_t just like any other webapp.


