Fedora 17, Passenger, PostgreSQL and Apache

Pete Stieber pstieber at gmail.com
Wed Aug 8 05:29:36 UTC 2012


On 08/07/2012 06:46 PM, PS = Pete Stieber wrote:
PS>> If I temporarily disable selinux, this doesn't occur.

On 8/7/2012 6:58 PM, JZ = Joe Zeff wrote:
JZ> Do you have the SELinux Troubleshooter daemon
JZ> running?  If not, activate it and see if you
JZ> have any alerts.  If so, the troubleshooter
JZ> will probably tell you how to correct the issue.

# setenforce 0
# systemctl restart httpd.service
# setenforce 1
# audit2allow < /var/log/audit/audit.log


#============= passenger_t ==============
#!!!! The source type 'passenger_t' can write to a 'dir' of the following types:
# passenger_log_t, passenger_tmp_t, passenger_var_lib_t, passenger_var_run_t

allow passenger_t httpd_tmpfs_t:dir { search setattr read create write getattr remove_name open add_name };
#!!!! The source type 'passenger_t' can write to a 'file' of the following types:
# puppet_var_lib_t, passenger_log_t, passenger_tmp_t, passenger_var_lib_t, passenger_var_run_t

allow passenger_t httpd_tmpfs_t:file { write create open setattr };
allow passenger_t httpd_tmpfs_t:sock_file { create unlink setattr };
allow passenger_t init_t:unix_stream_socket { getattr ioctl };
allow passenger_t usr_t:file { execute execute_no_trans };

I sent this via private email to the Fedora selinux experts hoping they 
would make a recommendation, but I figured posting to the list couldn't 
hurt.

Pete
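
Added example, not part of the original post: a small Python review aid that parses audit2allow output like the rules above and flags the grants worth a second look before they go into a local policy module. The names `parse_rules` and `review` and the flagging heuristics are assumptions made for this example; the sample is the allow rules from the post, one of them wrapped across two lines the way mail clients wrap long lines.

```python
import re

# Allow rules from the post above; the first is wrapped across two lines
# the way mail clients wrap long lines (layout constructed for this example).
SAMPLE = """\
allow passenger_t httpd_tmpfs_t:dir { search setattr read create write
getattr remove_name open add_name };
allow passenger_t httpd_tmpfs_t:file { write create open setattr };
allow passenger_t httpd_tmpfs_t:sock_file { create unlink setattr };
allow passenger_t init_t:unix_stream_socket { getattr ioctl };
allow passenger_t usr_t:file { execute execute_no_trans };
"""

# "allow SRC TGT:CLASS { perms };" or "allow SRC TGT:CLASS perm;"; \s spans newlines.
RULE_RE = re.compile(r"\ballow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

# Review heuristics for this example (assumptions, not part of SELinux itself).
MODIFY = {"write", "create", "setattr", "add_name", "remove_name", "unlink"}
EXEC = {"execute", "execute_no_trans"}

def parse_rules(text):
    """Return (source, target, class, perms) for every allow rule in text."""
    rules = []
    for src, tgt, cls, braced, single in RULE_RE.findall(text):
        rules.append((src, tgt, cls, set((braced or single).split())))
    return rules

def review(rules):
    """Flag rules that grant execution, or modification of another domain's types."""
    findings = []
    for src, tgt, cls, perms in rules:
        # passenger_t -> "passenger_": types with this prefix count as the domain's own.
        prefix = src[:-2] + "_" if src.endswith("_t") else src
        if perms & EXEC:
            findings.append((tgt, cls, "exec", sorted(perms & EXEC)))
        elif perms & MODIFY and not tgt.startswith(prefix):
            findings.append((tgt, cls, "modify-foreign", sorted(perms & MODIFY)))
    return findings

if __name__ == "__main__":
    for tgt, cls, kind, perms in review(parse_rules(SAMPLE)):
        print(f"{kind:15} {tgt}:{cls} {' '.join(perms)}")
```

On the sample this flags the three `httpd_tmpfs_t` rules and the `usr_t:file` execute rule, and leaves the `init_t:unix_stream_socket` rule unflagged.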

