On 27 March 2013 13:09, ignasr@xxxxxxxxxx <ignasr@xxxxxxxxxx> wrote:
> Hello,
>
> how do people cope with constant SELinux errors like this from Fusion
> Passenger:
>
> 36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2
> file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922
> 36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir
> getattr unconfined_u:system_r:initrc_t:s0 denied 1927
> 36888. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 dir
> search unconfined_u:system_r:initrc_t:s0 denied 1928
>
> It happens when Passenger v3 tries to determine memory stats with "ps".
> There is an Apache directive to turn it of (
>
> http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMemoryLimit
> ), unfortunately it does not work in community version of Passenger.
>
> The cause is always ps running as passenger_t trying to read files in
> /proc with various types of security context.
>
> Thank you,
> IgnasR
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
Hello IgnasR
I think that you've posted to the wrong list. The app server support list
is here https://groups.google.com/forum/?fromgroups#!forum/phusion-passenger
Dan Walsh is a great place to start with SELinux
http://people.redhat.com/dwalsh/
SElinux by example takes a great theory and hands on approach
http://www.amazon.com/SELinux-Example-Using-Security-Enhanced/dp/0131963694
All the best Paul
--
* "I know one thing: That I know nothing"* - Socrates
*"We're all explorers here"* - T S Eliot
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
