aproxacs » selinux http://aproxacs.blog.qrobo.com Tue, 07 Jul 2009 23:07:52 +0000 http://wordpress.org/?v=2.8.2 en hourly 1 Passenger and SE linux http://aproxacs.blog.qrobo.com/2009/07/03/passenger-and-se-linux/ http://aproxacs.blog.qrobo.com/2009/07/03/passenger-and-se-linux/#comments Thu, 02 Jul 2009 15:43:23 +0000 aproxacs http://blog.aproxacs.com/2009/07/03/passenger-and-se-linux/

Before passenger, it was a big issue to deploy rails appliation. We needed so many things to configure such as mogrel, mogrel cluster, and god. Now we just need a passenger and apache. It is as simple as PHP. What makes me more impressed is passenger is super easy to install. It uses gem system.

sudo gem install passenger

To install passenger as a apache module passenger-install-apache2-module command is used.

passenger-install-apache2-module

This command is very nice because it notifies me what to do next whenever there is a problem. And It shows apache configuration to set at the end. How nice!

clip_image001

SE linux

A week ago, I asked to set up a deploy environment with passenger and apache on fedora linux. I thought it would be a piece of cake at the first time, but I struggled all day. I installed passenger and configure apache settings and virtual hosts as always. After restarting apache, I found it failed. What’s wrong?

The folowing error occured. This error can be checked in /var/log/httpd/error_log file.

[Thu Jul 02 17:53:03 2009] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Thu Jul 02 17:53:03 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
*** Passenger ERROR (ext/common/ApplicationPoolServer.h:643):
Cannot execute /usr/lib/ruby/gems/1.8/gems/passenger-2.2.4/ext/apache2/ApplicationPoolServerExecutable: Permission denied (13)

A permission to execute passenger is denied. But permission is allowed to everybody if I check this file by ls command.

-rwxr-xr-x. 1 root root 2528880 2009-07-02 17:35 /usr/lib/ruby/gems/1.8/gems/passenger-2.2.4/ext/apache2/ApplicationPoolServerExecutable

This is thanks to the SELinux policy. SELinux is Secure Enhanced linux. I am not explainig SE linux here. One thing I know is httpd is affected by the SE linux policy and this policy prevents passenger from executing. The easist way to avoid this is not to use SE Linux. One time command is 

setenforce Permissive

If you want not to use it permanently, edit /etc/selinux/config

SELINUX=permissive

If you have to keep using SE linux, there is how-to in passenger documents. I followed these steps once, but failed. It kept showing errors that it did not have a permission to create directory or sock. I stopped a little quickly, casue it was not that important to me. Wish you have a good luck and share me if you success.

]]> http://aproxacs.blog.qrobo.com/2009/07/03/passenger-and-se-linux/feed/ 0