mod_passenger needs proper SELinux context for files in /opt/rh/ruby193/root tree. ruby193 metapackage should support SELinux as described in http://documentation-devel.engineering.redhat.com/site/documentation/en-US/Red_Hat_Developer_Toolset/2/html-single/Software_Collections_Guide/index.html#sect-Software_Collection_SELinux_Support and Bug 1053467
(In reply to Jan Kaluža from comment #0) > mod_passenger needs proper SELinux context for files in /opt/rh/ruby193/root > tree. 1) If root should have some proper context, you should report the issue against scl-utils, since scl-utils maintains the ownership of root filesystem. 2) You are too vague about what folders needs what contexts. You should be able to set up the contexts of the folders you need in your own package. Not sure why the metapackage should be updated.
(In reply to Vít Ondruch from comment #2) > (In reply to Jan Kaluža from comment #0) > > mod_passenger needs proper SELinux context for files in /opt/rh/ruby193/root > > tree. > > 1) If root should have some proper context, you should report the issue > against scl-utils, since scl-utils maintains the ownership of root > filesystem. According to the current guide, ruby193 metapackage is responsible to set SELinux context of directories in /opt/rh/ruby193/root. > 2) You are too vague about what folders needs what contexts. You should be > able to set up the contexts of the folders you need in your own package. Not > sure why the metapackage should be updated. I'm not, the guide says what is needed to done. I'm able to set it in my subpackage, but it's not according to guide and I don't think subpackage should change context of directories it does not own. But I agree with your comments in Bug 824799, so lets keep this one closed. It's not needed in rhscl-1.1.0 anyway.
(In reply to Jan Kaluža from comment #4) > (In reply to Vít Ondruch from comment #2) > > (In reply to Jan Kaluža from comment #0) > > > mod_passenger needs proper SELinux context for files in /opt/rh/ruby193/root > > > tree. > > > > 1) If root should have some proper context, you should report the issue > > against scl-utils, since scl-utils maintains the ownership of root > > filesystem. > > According to the current guide, ruby193 metapackage is responsible to set > SELinux context of directories in /opt/rh/ruby193/root. The point is that the guide is not set in stone. it is evolving. Even though it mentions something about SELinux context, it does not mean it is right and we should not persuade correct solution. > > 2) You are too vague about what folders needs what contexts. You should be > > able to set up the contexts of the folders you need in your own package. Not > > sure why the metapackage should be updated. > > I'm not, the guide says what is needed to done. I'm able to set it in my > subpackage, but it's not according to guide and I don't think subpackage > should change context of directories it does not own. But you probably need correct context of some specific directory passenger is using. You probably don't care about whole root. It has implication who will do the "semanage" and when to call "restorecon", etc. So I'd like to know specific directories you care about. > > But I agree with your comments in Bug 824799, so lets keep this one closed. > It's not needed in rhscl-1.1.0 anyway. Thanks. Lets see ...
(In reply to Vít Ondruch from comment #5) > (In reply to Jan Kaluža from comment #4) > > (In reply to Vít Ondruch from comment #2) > > > (In reply to Jan Kaluža from comment #0) > > > > mod_passenger needs proper SELinux context for files in /opt/rh/ruby193/root > > > > tree. > > > > > > 1) If root should have some proper context, you should report the issue > > > against scl-utils, since scl-utils maintains the ownership of root > > > filesystem. > > > > According to the current guide, ruby193 metapackage is responsible to set > > SELinux context of directories in /opt/rh/ruby193/root. > > The point is that the guide is not set in stone. it is evolving. Even though > it mentions something about SELinux context, it does not mean it is right > and we should not persuade correct solution. Right, but that's not the case for rhscl-1.1.0 (for which I originally addressed this issue before it was clear that we won't do that in 1.1.0), where other packages seem to respect this guide in this regard. > > > 2) You are too vague about what folders needs what contexts. You should be > > > able to set up the contexts of the folders you need in your own package. Not > > > sure why the metapackage should be updated. > > > > I'm not, the guide says what is needed to done. I'm able to set it in my > > subpackage, but it's not according to guide and I don't think subpackage > > should change context of directories it does not own. > > But you probably need correct context of some specific directory passenger > is using. You probably don't care about whole root. It has implication who > will do the "semanage" and when to call "restorecon", etc. > > So I'd like to know specific directories you care about. I care about following three files (pasting here with proper SELinux context): # ls -Z /opt/rh/ruby193/root/usr/lib64/gems/exts/passenger-4.0.18/agents/ -rwxr-xr-x. root root system_u:object_r:passenger_exec_t:s0 PassengerHelperAgent -rwxr-xr-x. root root system_u:object_r:passenger_exec_t:s0 PassengerLoggingAgent -rwxr-xr-x. root root system_u:object_r:passenger_exec_t:s0 PassengerWatchdog > > > > But I agree with your comments in Bug 824799, so lets keep this one closed. > > It's not needed in rhscl-1.1.0 anyway. > > Thanks. Lets see ... Lets stop the discussion here probably. I agree with you it should be fixed globally in scl-utils, but if we would not be able to get the fix there, I think the next place where the fix should be is the metapackage.