Passenger unable to start phusion
-
20-06-2021 - |
سؤال
On Cent OS 6.0 with SELinux running, I get an error "Passenger could not be initialized because of this error: Unable to start the Phusion Passenger watchdog"
This thread discusses the problem. https://groups.google.com/forum/?fromgroups#!topic/phusion-passenger/qaVUIq2HceE
Is there any way to resolve this without disabling SELinux. Seems like it doesn't something important, and should be configured instead of disabled.
المحلول
Because SELinux is wary of Apache, you can try allowing Apache access to passenger files and directories. Try the following, but YMMV! If you’ve installed Phusion Passenger via a gem, then run this command to determine Phusion Passenger’s root folder:
passenger-config --root
Then do
chcon -R -h -t httpd_sys_content_t /path-to-passenger-root
If you installed Passenger from a tarball of some kind, try this instead:
chcon -R -h -t httpd_sys_content_t /path/to/passenger/folder
In either case restart Apache.
You might also need to satisfy SELinux's *httpd_sys_content_t* security context for access to your rails app. You may also need to do the following:
chcon -R -h -t httpd_sys_content_t /path/to/your/rails/app
Maybe this will work for you.
نصائح أخرى
Using chcon only works temporarily. The next time the machine does a reboot and SELinux does a relabel, the configuration will be lost. The files will be relabeled to whatever context is right for where they are in the filesystem.
If you put the rails app under /var/www/html then SELinux will maintain the contexts at relabel time, because SELinux policy says that's where web content should be. Initially you'd do restorecon -R /var/ww/html/path/to/app
to set the contexts.
I've found though, that Passenger does lots of stuff that SELinux wants to deny so just a relabel isn't enough. It's easy to create policy to allow that, but I see it as a security risk. Too bad the Rails community doesn't make it easier to deploy on a normal server (i.e. not an Ruby stack).