Apache + passenger - /tmp permission denied

1
votes

I am trying to run ruby on rails under passenger with apache2 under fedora 19 and i got this error in log

[Tue Feb 25 09:37:52.367683 2014] [passenger:error] [pid 2779] * Passenger could not be initialized because of this error: Unable to start the Phusion Passenger watchdog because it encountered the following error during startup: Cannot change the directory '/tmp/passenger.1.0.2779/generation-1/buffered_uploads' its UID to 48 and GID to 48: Operation not permitted (errno=1)

That directory (/tmp/passenger.1.0.2779) don't even exists. I think that problem is with selinux. I trying to solve it about 4 hours. Httpd is running under user apache and group apache, i tried 

cat /var/log/audit/audit.log | grep passenger | audit2allow -M
passenger semodule -i passenger.pp

but still nothing.

1
ruby-on-railsapachepassenger
Manually create this file "/tmp/passenger.1.0.2779/generation-1/buffered_uploads" and give full permission. Once Give a try.!Pravin Mishra
not working, /tmp/passenger.1.0.xxxx and xxxx is different everytime i run serverFuF
Your passenger running with sudo user?Pravin Mishra
I dont know, it's apache module and apache is running under apache user, so I think passenger is running under apache user too.FuF
Once check apache user permission. Other wise give a try with super user. :)Pravin Mishra

1 Answers

0
votes

In your case, you should switch SELinux into Permissive mode at first, then try to capture the audit log from starting Apache to run your application.1 Once you got the home page of your application, you can build your custom policy with the logs.

  1. Switch SELinux into Permissive mode and clean audit.log

    ]# setenforce 0
    ]# rm /var/log/audit/audit.log
    ]# service auditd restart

  2. Restart Apache

    ]# service httpd restart

  3. Try to open your application with a web browser It might give more information about what is happenning when you application is running.

  4. Make a custom policy module to allow these actions

    ]# mkdir work
    ]# cd work
    ]# grep httpd /var/log/audit/audit.log | audit2allow -M passenger
    ]# ls
    passenger.pp passenger.te

  5. Load postgrey policy module using the 'semodule' command into the current SELinux policy:

    ]# semodule -i passenger.pp
    ]# setenforce 1

  6. Restart Apache

    ]# service httpd restart

References: http://wiki.centos.org/HowTos/SELinux#head-faa96b3fdd922004cdb988c1989e56191c257c01