We employ a third-party Apache module (passenger aka mod-rails) to handle our Ruby-on-Rails web applications. Because of the lack of SELinux awareness built into the module we currently run these on an isolated virtual host in SE permissive mode. We are in the process of examining whether it is possible to create a local policy for Passenger which will allow it to run in enforcing mode but not open the system to other exploits. We would like to know if there is any on-line venue where the security aspects of specific policy elements might be discussed. Is there such a resource? If so, can anyone here provide the reference? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@xxxxxxxxxxxxx Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
