On Wed, 2010-07-28 at 18:01 +0200, Jeroen van Meeuwen wrote:
Aahh .. that's why I couldn't find it.
> * the scripts installed into /usr/bin (passenger-status etc.) are
> broken since they expect to be executed from the gemdir. We need
> to add wrapper scripts similar to what 'gem install' to /usr/bin
I think I shipped some patch(es) for this.
I can't find them in your latest SRPM for 2.2.10, pulled from your koji.
> * passenger is horribly broken with SELinux. I tried following the
> instructions from the Passenger manual[1] and somebody's SELinux
> policy[2] to no avail; passenger can not create its socket with
> that. Some of the instructions in [1] sound odd, like doing
> 'chcon -R httpd_sys_content_t' on the gemdir
>
I've had a conversation about this before, and it'll take some cycles to come
up with a sane /var/lib/passenger/ type of security context, some policy to
allow httpd_t to do something or the other, and so forth.
The very ugly version of a custom policy that I use now is attached.
Have you talked to Dan Walsh about it? I bet if somebody who
understands what passenger does in terms of security-relevant
operations, he'd help write a policy.
David