Silencing Passenger “ps” SELinux Errors

Home » CentOS » Silencing Passenger “ps” SELinux Errors
CentOS 3 Comments

Hello,

how do people cope with constant SELinux errors like this from Fusion passenger:

36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2
file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922
36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir getattr unconfined_u:system_r:initrc_t:s0 denied 1927
36888. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 dir search unconfined_u:system_r:initrc_t:s0 denied 1928

It happens when Passenger v3 tries to determine memory stats with “ps”. There is an Apache directive to turn it of (
http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMemoryLimit
), unfortunately it does not work in community version of Passenger.

The cause is always ps running as passenger_t trying to read files in
/proc with various types of security context.

Thank you, IgnasR

3 thoughts on - Silencing Passenger “ps” SELinux Errors

LEAVE A COMMENT