Description of problem: When launching a web application with mod passenger on RHEL 6.3 the following error can be seen in the Apache logs: Cannot execute '/usr/share/rubygems/gems/passenger-3.0.17/helper-scripts/prespawn http://127.0.0.1:8080/': Permission denied (13) I believe this is because the prespawn script has the following context: system_u:object_r:usr_t:s0 It should probably be system_u:object_r:passenger_exec_t,s0 Version-Release number of selected component (if applicable): selinux-policy-3.7.19-155.el6_3.8.noarch selinux-policy-targeted-3.7.19-155.el6_3.8.noarch I have also tested with 3.7.19-187 and see the same error. Additional info: The does not prevent the application from loading, only from prespawning. This means that we have to wait for a request to come in before the application will load.
So if you execute # chcon -t passenger_exec_t /usr/share/rubygems/gems/passenger-3.0.17/helper-scripts/prespawn does it work then?
Yes
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.
We need to get into RHEL6.4
Fixed in selinux-policy-3.7.19-188.el6
I have verified that selinux-policy-3.7.19-188.el6 resolves the passenger prespawn error for OpenShift Enterprise.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0314.html