Apache + passenger - /tmp permission denied

Question

I am trying to run ruby on rails under passenger with apache2 under fedora 19 and i got this error in log

[Tue Feb 25 09:37:52.367683 2014] [passenger:error] [pid 2779] * Passenger could not be initialized because of this error: Unable to start the Phusion Passenger watchdog because it encountered the following error during startup: Cannot change the directory '/tmp/passenger.1.0.2779/generation-1/buffered_uploads' its UID to 48 and GID to 48: Operation not permitted (errno=1)

That directory (/tmp/passenger.1.0.2779) don't even exists. I think that problem is with selinux. I trying to solve it about 4 hours. Httpd is running under user apache and group apache, i tried

cat /var/log/audit/audit.log | grep passenger | audit2allow -M
passenger semodule -i passenger.pp

but still nothing.

Answer 1

In your case, you should switch SELinux into Permissive mode at first, then try to capture the audit log from starting Apache to run your application. 1 Once you got the home page of your application, you can build your custom policy with the logs.

1. Switch SELinux into Permissive mode and clean audit.log

   ]# setenforce 0
   ]# rm /var/log/audit/audit.log
   ]# service auditd restart

2. Restart Apache

   ]# service httpd restart

3. Try to open your application with a web browser It might give more information about what is happenning when you application is running.

4. Make a custom policy module to allow these actions

   ]# mkdir work
   ]# cd work
   ]# grep httpd /var/log/audit/audit.log | audit2allow -M passenger
   ]# ls
   passenger.pp passenger.te

5. Load postgrey policy module using the 'semodule' command into the current SELinux policy:

   ]# semodule -i passenger.pp
   ]# setenforce 1

6. Restart Apache

   ]# service httpd restart

References: http://wiki.centos.org/HowTos/SELinux#head-faa96b3fdd922004cdb988c1989e56191c257c01