search for: passenger_t

...tion on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module puppet_passenger 1.7; require { type bin_t; type devpts_t; type httpd_t; type passenger_t; type port_t; type proc_net_t; class process { getattr siginh setexec sigchld noatsecure transition rlimitinh }; class unix_stream_socket { getattr accept read write }; class capability { sys_resource sys_ptrace }; class file { entrypoint open create relabelfrom relabelto g...

Hello, how do people cope with constant SELinux errors like this from Fusion Passenger: 36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922 36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir getattr unconfined_u:system_r:initrc_t:s0 denied 1927 36888. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 dir search unconfined_u:system_r:...

...audit logs I found this entry: type=AVC msg=audit(1434769414.956:562): avc: denied { open } for pid=3558 comm="ruby" path="/etc/puppet/environments/production/modules/bacula/files/monitor1/monitor1.mydomain.com.crt" dev="vda1" ino=1842005 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file And audit2allow told me this: #grep puppet /var/log/audit/audit.log | audit2allow -M puppet ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i puppet.pp But in installing the module I...

...at didn't seem to have an effect. Knowing nothing of your scenario, look at the source and target context. > > Looks like you copied a crt from an nfs location and you don't have a > file context defined to transition labels, maybe something like: > > semanage fcontext -a -t passenger_t "/etc/puppet/environments(/.*)?" > > However, I know nothing of puppets selinux infrastructure, you may need > a more applicable type. > > In these cases, audit2allow can't possibly guess the right thing and will > certainly produce a rule that is either unsafe or s...

...t; >> Knowing nothing of your scenario, look at the source and target context. >>> Looks like you copied a crt from an nfs location and you don't have a >>> file context defined to transition labels, maybe something like: >>> >>> semanage fcontext -a -t passenger_t "/etc/puppet/environments(/.*)?" >>> >>> However, I know nothing of puppets selinux infrastructure, you may need >>> a more applicable type. >>> >>> In these cases, audit2allow can't possibly guess the right thing and will >>> cer...

...effect. > > Knowing nothing of your scenario, look at the source and target context. >> >> Looks like you copied a crt from an nfs location and you don't have a >> file context defined to transition labels, maybe something like: >> >> semanage fcontext -a -t passenger_t "/etc/puppet/environments(/.*)?" >> >> However, I know nothing of puppets selinux infrastructure, you may need >> a more applicable type. >> >> In these cases, audit2allow can't possibly guess the right thing and will >> certainly produce a rule th...