On Wed, Jul 1, 2015 at 5:56 AM, Veli-Pekka Kestilä <vpke...@gmail.com> wrote:
> Not a problem. Just decided to report after I got it working. As I mentioned
> I am totally happy that the PassengerAgent is run as unconfined, but it
> seems to touch a lot of places which makes it harder to make a clean policy
> for it.
That would be a bit hard. One of PassengerAgent's jobs is to spawn
application processes as arbitrary users
(https://www.phusionpassenger.com/documentation/Users%20guide%20Nginx.html#user_switching).
So I'm not sure whether confining PassengerAgent in its current state
is useful. A true confinement would require an architectural change,
e.g. splitting the spawning responsibility to its own process that
runs in its own domain. But that would open up new security
challenges, such as how to prevent a hijacked PassengerAgent from
telling the spawner to run an arbitrary command.
> Maybe I will take a crack at it later. Is there an easy way to run
> PassengerAgent with strace on?
You can run PassengerAgent standalone. Run it with --help to learn how.
But I've found using setroubleshoot and reading the AVC logs to be an
easier way of finding out how to write a policy.
By the way, the issue has been fixed in Git. We'll release ASAP.
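
Added example, not part of the original message and not Phusion's code: a small Python sketch of the "read the AVC logs" approach mentioned above, which groups denials by source type, target type and object class and renders candidate allow rules for review. The `passenger_t` domain and every log line are constructed assumptions; on a real host the input would come from the audit log.

```python
import re
from collections import defaultdict

# Constructed audit.log lines, not taken from the thread. The passenger_t
# domain, PIDs, inodes and paths are assumptions made for this example.
SAMPLE_LOG = """\
type=AVC msg=audit(1435730000.101:501): avc:  denied  { read } for  pid=2101 comm="PassengerAgent" name="passwd" dev="dm-0" ino=1311 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=AVC msg=audit(1435730000.102:502): avc:  denied  { open } for  pid=2101 comm="PassengerAgent" path="/etc/passwd" dev="dm-0" ino=1311 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=AVC msg=audit(1435730000.201:503): avc:  denied  { setuid } for  pid=2101 comm="PassengerAgent" capability=7 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=capability
type=SYSCALL msg=audit(1435730000.201:503): arch=c000003e syscall=105 success=no exit=-1
type=AVC msg=audit(1435730000.301:504): avc:  denied  { write } for  pid=2200 comm="nginx" name="agents.s" dev="tmpfs" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*([^}]+?)\s*\}.*?comm="([^"]+)"'
    r'.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)')

def selinux_type(context):
    # A context is user:role:type[:level]; policy rules name the type.
    return context.split(":")[2]

def summarize(log, comm=None):
    """Group denied permissions by (source type, target type, object class)."""
    denied = defaultdict(set)
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m or (comm and m.group(2) != comm):
            continue  # skip non-AVC records and other processes
        perms, _, scon, tcon, tclass = m.groups()
        key = (selinux_type(scon), selinux_type(tcon), tclass)
        denied[key].update(perms.split())
    return denied

def candidate_rules(log, comm=None):
    """Render each group as a candidate allow rule to review, not to load blindly."""
    rules = []
    for (src, tgt, tclass), perms in summarize(log, comm).items():
        target = "self" if src == tgt else tgt  # same-domain access is written as self
        rules.append(f"allow {src} {target}:{tclass} {{ {' '.join(sorted(perms))} }};")
    return sorted(rules)

if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE_LOG, comm="PassengerAgent"):
        print(rule)
```

The number of distinct groups per process is a quick measure of how many places the agent touches, which is the concern raised in the quoted text.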