James B. Byrne
2015-Aug-13 14:12 UTC
[CentOS] CentOS-6, SELInux, Ruby-on-Rails, Passenger and Kernel-2.6.32
We run a project administration system web application call 'Redmine'.
I have been trying for ages, without success, to get SELinux and
Passenger -- essentially a fast-cgi replacement Apache module built
specifically for Rails -- to run together.
I have found that the latest versions of the Passenger Apache module
are supposed to work on CentOS-6, but not with the stock kernel.
See:
https://www.phusionpassenger.com/library/walkthroughs/deploy/ruby/ownserver/apache/oss/el6/install_passenger.html#step-1:-upgrade-your-kernel,-or-disable-selinux
My questions are: Are there really really grave implications of using
the kernel-ml form epel repo to get a sufficiently modern kernel to
finally get Passenger and SELinux to work together? And are those
implications more grave than simply disabling SELinux on that server
entirely, which is the only other choice.
TIA
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
m.roth at 5-cent.us
2015-Aug-13 15:00 UTC
[CentOS] CentOS-6, SELInux, Ruby-on-Rails, Passenger and Kernel-2.6.32
James B. Byrne wrote:> We run a project administration system web application call 'Redmine'. > I have been trying for ages, without success, to get SELinux and > Passenger -- essentially a fast-cgi replacement Apache module built > specifically for Rails -- to run together. > > I have found that the latest versions of the Passenger Apache module > are supposed to work on CentOS-6, but not with the stock kernel.<snip> We had a project that used ruby-on-rails & passenger (bleah!), and I though I don't seem to have any links bookmarked, I know that I could google, and find either a passenger policy, or how to create one, so that it worked with the stock kernel. Ah, I just looked on one of the servers that had it, and I see we created our own. If you like, I can email you the four .5e's I have offlist. mark