I'm using Fedora 14.
To answer Dominik's questions:
1) Why is passenger running in the httpd domain?
I don't know. I've only followed the passenger installation instructions at http://mifo.sk/posts/passenger-selinux-for-fedora/ minus step 5 since Fedora 14 is supposed to have passenger policies installed? Should httpd be in a special passenger domain?
2) is passenger running some webapp that for some reason needs to read the state file in /proc of some process that runs in the unconfined_t domain?
No I don't think so. At least I haven't written any code where I use anything in /proc.
I suppose it is possible that a GEM library may be trying to.
3) does this issue cause any loss of functionality in enforcing mode
I haven't checked yet. I will let you know soon.
4. are you sure passenger and/or the passenger webapp is configured correctly?
I have as far as following the instructions in the blog post above. I wonder if there
is any relabelling I have to do?
2010/12/28 Daniel J Walsh <dwalsh@xxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What OS/Version are you seeing this in?
On 12/26/2010 05:25 PM, Jorge Fábregas wrote:
> On Sunday, December 26, 2010 05:25:22 pm Dominick Grift wrote:
>> is trying to read the state files in /proc for some unconfined_t process
>
> Never thought of /proc. That explains why I found it weird to see a file
> labeled as unconfined_t.
>
> Frank: disregard my previous suggetion >:)
>
> --
> Jorge
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0ZzdQACgkQrlYvE4MpobMKjgCghMqiQe3BOjMVkqNZGx80/r5r
IK4AoKkfMNux+kp/0TraQ2wWLMck7Ph4
=Rq12
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
