fedora-selinux December 2010 archive

Re: Denied for com='ps' name='stat' {open} {read} {search}

From: Dominick Grift <domg472_at_nospam>
Date: Fri Dec 31 2010 - 22:36:02 GMT
To: selinux@lists.fedoraproject.org

On 12/28/2010 12:45 PM, Daniel J Walsh wrote:
> On 12/26/2010 05:25 PM, Jorge Fábregas wrote:
>> On Sunday, December 26, 2010 05:25:22 pm Dominick Grift wrote:
>>> is trying to read the state files in /proc for some unconfined_t process
>
>> Never thought of /proc. That explains why I found it weird to see a file
>> labeled as unconfined_t.
>
>> Frank: disregard my previous suggestion >:)
>
>> --
>> Jorge
>> --
>> selinux mailing list
>> selinux@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
> What OS/Version are you seeing this in?

dwalsh: looks like Fedora's passenger policy only works for passenger 2.*

Recently it seems version 3.* was released, which introduced some major
changes, causing Fedora policy for passenger to completely break.

I started work on a version 3 compatible policy but it is not advancing
at all:

http://fedorapeople.org/gitweb?p=domg472/public_git/ruby.git;a=summary

Also to miroslav: I noticed you have designed current policy for
passenger with /var/lib/passenger as the webapp document root. I am of
the opinion however that passenger/ror webapps should be labelled
https_sys/user/*_script_exec_t just like any other webapp.
