Great work! Let's take the discussion to the issue tracker.
On Fri, Sep 21, 2012 at 6:29 PM, iandall <
i...@beware.dropbear.id.au> wrote:
> Currently passenger applications run in the same selinux domain as each
> other and as the server.
>
> This causes a number of problems. For example, on a Fedora 17 system, there
> is a puppet selinux module, but it assumes puppet runs in the puppet_t
> domain. If puppet is run as a passenger application, it will be in the
> passenger_t domain. Adding all the puppet rules to the passenger module is
> sub-optimal!
>
> I have devised a way to get passenger to switch security domains for
> applications. I have tested it for conservative, smart and smartlv2 spawn
> methods. Currently only the apache module and rack applications are
> supported, but it could easily be extended. The apache specific bit is just
> handling the extra options.
>
> I have reported this as issue 798 [patch included] (BTW I can't see a way to
> change the type to "enhancement" so it shows as a "defect").
>
> It would be great if this could be adopted.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Phusion Passenger Discussions" group.
> To view this discussion on the web visit
>
https://groups.google.com/d/msg/phusion-passenger/-/laX6pdMGNVcJ.
> To post to this group, send email to
phusion-...@googlegroups.com.
> To unsubscribe from this group, send email to
>
phusion-passen...@googlegroups.com.
> For more options, visit this group at
>
http://groups.google.com/group/phusion-passenger?hl=en.
--
Phusion | Ruby & Rails deployment, scaling and tuning solutions
Web:
http://www.phusion.nl/
E-mail:
in...@phusion.nl
Chamber of commerce no: 08173483 (The Netherlands)