Daniel:
I'm using Fedora 14.
To answer Dominik's questions:
1) Why is passenger running in the httpd domain? I don't know. I've only followed the passenger installation instructions at http://mifo.sk/posts/passenger-selinux-for-fedora/ minus step 5 since Fedora 14 is supposed to have passenger policies installed? Should httpd be in a special passenger domain?
2) is passenger running some webapp that for some reason needs to read the state file in /proc of some process that runs in the unconfined_t domain? No I don't think so. At least I haven't written any code where I use anything in /proc. I suppose it is possible that a GEM library may be trying to.
3) does this issue cause any loss of functionality in enforcing mode I haven't checked yet. I will let you know soon.
4. are you sure passenger and/or the passenger webapp is configured correctly? I have as far as following the instructions in the blog post above. I wonder if there is any relabelling I have to do?
2010/12/28 Daniel J Walsh dwalsh@redhat.com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12/26/2010 05:25 PM, Jorge Fábregas wrote:
On Sunday, December 26, 2010 05:25:22 pm Dominick Grift wrote:
is trying to read the state files in /proc for some unconfined_t
process
Never thought of /proc. That explains why I found it weird to see a file labeled as unconfined_t.
Frank: disregard my previous suggetion >:)
-- Jorge -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
What OS/Version are you seeing this in? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0ZzdQACgkQrlYvE4MpobMKjgCghMqiQe3BOjMVkqNZGx80/r5r IK4AoKkfMNux+kp/0TraQ2wWLMck7Ph4 =Rq12
-----END PGP SIGNATURE-----
selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux