Looking for links: passenger & selinux
Miroslav Grepl
mgrepl at redhat.com
Thu Mar 14 08:00:36 UTC 2013
On 03/08/2013 05:43 PM, m.roth at 5-cent.us wrote:
> m.roth at 5-cent.us wrote:
>> Gag. I hate passenger...
>>
>> This is CentOS 6.3
>>
>> Does someone have a link to info on what selinux passenger context to set
>> what files to? I see passenger set to lib_t, which I may have done a
>> while back, but the current policy may be more picky. I've looked at the
>> passenger_selinux manpage, and it doesn't suggest what they should be. The
>> version of ruby my users are on is the old 1.8.7 enterprise, *not*
>> installed from an rpm, so nothing's correct....
>>
> Following myself up, a clarification: I've seen pages that say to set all
> of passenger to httpd_sys_content_t; however, since there's explicitly a
> passenger_*_t, and I *assume* that it allows it to transition to run
> things like ps, and status, I'd like to set them *correctly*, rather than
> as httpd*, and then allow all sorts of things for httpd to do as policy.
>
> mark
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
We have passenger fixes in RHEL6.4. Basically you will need to follow
http://git.fedorahosted.org/cgit/selinux-policy.git/tree/passenger.fc?h=f18-contrib
labeling.
Regards,
Miroslav
More information about the selinux
mailing list