On 08/07/2012 06:46 PM, PS = Pete Stieber wrote:
PS>> If I temporarily disable selinux, this doesn't occur.
On 8/7/2012 6:58 PM, JZ = Joe Zeff wrote:
JZ> Do you have the SELinux Troubleshooter daemon
JZ> running? If not, activate it and see if you
JZ> have any alerts. If so, the troubleshooter
JZ> will probably tell you how to correct the issue.
# setenforce 0
# systemctl restart httpd.service
# setenforce 1
# audit2allow < /var/log/audit/audit.log
#============= passenger_t ==============
#!!!! The source type 'passenger_t' can write to a 'dir' of the following types:
# passenger_log_t, passenger_tmp_t, passenger_var_lib_t, passenger_var_run_t
allow passenger_t httpd_tmpfs_t:dir { search setattr read create write getattr remove_name open add_name };
#!!!! The source type 'passenger_t' can write to a 'file' of the following types:
# puppet_var_lib_t, passenger_log_t, passenger_tmp_t, passenger_var_lib_t, passenger_var_run_t
allow passenger_t httpd_tmpfs_t:file { write create open setattr };
allow passenger_t httpd_tmpfs_t:sock_file { create unlink setattr };
allow passenger_t init_t:unix_stream_socket { getattr ioctl };
allow passenger_t usr_t:file { execute execute_no_trans };
I sent this via private email to the Fedora selinux experts hoping they
would make a recommendation, but I figured posting to the list couldn't
hurt.
Pete
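
The audit2allow output in the message above can be turned into structured rules for review before anything is loaded as policy. The following is an added example, not part of the original post and not code from the poster or the SELinux project; the function names are hypothetical, and treating the "#!!!!" comment as a hint that the target may only need a different label is this example's reading of that comment.

```python
import re

# The rules from the message, hard-wrapped the way a mail client wraps them.
SAMPLE = """\
#============= passenger_t ==============
#!!!! The source type 'passenger_t' can write to a 'dir' of the
following types:
# passenger_log_t, passenger_tmp_t, passenger_var_lib_t, passenger_var_run_t
allow passenger_t httpd_tmpfs_t:dir { search setattr read create write
getattr remove_name open add_name };
#!!!! The source type 'passenger_t' can write to a 'file' of the
following types:
# puppet_var_lib_t, passenger_log_t, passenger_tmp_t,
passenger_var_lib_t, passenger_var_run_t
allow passenger_t httpd_tmpfs_t:file { write create open setattr };
allow passenger_t httpd_tmpfs_t:sock_file { create unlink setattr };
allow passenger_t init_t:unix_stream_socket { getattr ioctl };
allow passenger_t usr_t:file { execute execute_no_trans };
"""

# One token is either a "#!!!!" hint with its type list or one allow rule.
TOKEN = re.compile(
    r"#!!!! The source type '\w+' can write to a '\w+' of the following types: "
    r"# (?P<alts>(?:\w+, )*\w+)"
    r"|allow (?P<src>\w+) (?P<tgt>\w+):(?P<cls>\w+) "
    r"(?:\{ (?P<perms>[\w ]+?) \}|(?P<perm>\w+));"
)

def parse_audit2allow(text):
    """Return one dict per allow rule, carrying the hint that preceded it."""
    flat = " ".join(text.split())  # undo the hard wrapping
    rules, pending = [], None
    for m in TOKEN.finditer(flat):
        if m["alts"]:
            pending = m["alts"].split(", ")
            continue
        rules.append({"source": m["src"], "target": m["tgt"], "class": m["cls"],
                      "perms": (m["perms"] or m["perm"]).split(),
                      "writable_types": pending or []})
        pending = None
    return rules

def label_candidates(rules):
    """Rules where audit2allow listed types the source can already write to."""
    return [(r["target"], r["class"]) for r in rules if r["writable_types"]]

def in_domain_exec(rules):
    """Rules that let the source execute a file without a domain transition."""
    return [(r["target"], r["class"]) for r in rules if "execute_no_trans" in r["perms"]]
```
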