TLDR - having trouble with 5.1.7 and SELinux. Everything works if I run setenforce 0.
Ruby 2.3.4
Redhat 7.4
Passenger 5.1.7
With selinux on, I'm seeing this error in the logs:
AH00035: access to / denied (filesystem path '/webapps/<app>/<env>/current') because search permissions are missing on a component of the path
I checked that other has read and execute permission on the entire path. current is a link to releases/2017... as typical with Capistrano.
Various other things I saw people suggest that I don't really understand:
ps auxwZ | grep 'Passenger core' | grep -v grep
system_u:unconfined_r:unconfined_t:s0 root 22545 0.0 0.0 1223628 11952 ? Sl 17:47 0:00 Passenger core
semodule -l|grep passenger
passenger 104.0
ls -Z /usr/lib64/passenger/support-binaries/PassengerAgent
-rwxr-xr-x. root root system_u:object_r:passenger_exec_t:s0 /usr/lib64/passenger/support-binaries/PassengerAgent
ps auxwZ | grep RubyApp | grep -v grep
system_u:unconfined_r:unconfined_t:s0 deploy 31505 0.0 1.0 670328 176060 ? Sl 18:09 0:00 Passenger RubyApp: qa
I then tried using the releases/2017... directory instead of the symbolically linked current. Then I got the error:
Passenger error #2
My
config.ru is there with read permissions for everyone. Removing
config.ru caused it to show the Redhat welcome page.
I then ran setenforce 0 and everything worked fine with or without the symbolic link.
So, I'm guessing this is an selinux issue but I thought 5.1.7 was supposed to include support for it per the Github issues.
Thank you very much for any help you can provide.
Brian