grsecurity forums

Skip to content

Passenger / mod_rails - SOLVED

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

Passenger / mod_rails - SOLVED

Postby friend82 » Fri Feb 25, 2011 7:25 am

i had too wait longer and constantly repeat all the steps.
wait.... wait .. and again
it was a background process that checked something via ps only from time to time
--------------------

hi.

grsecurity doesnt seem to generate rules for my apache module "Passenger".
i ve fully tested the webapp and reloaded the page with the module (it reloads the rails app in the memory when i touch /railsapp/tmp/restart.txt) .
but when i do the same with the generated policy on grsec floods my logs with

http://img12.imageshack.us/img12/6739/testri.jpg.

grsec didnt generate any policies for the subjects PassengerWatchdog or PassengerHelper

the policy-file: https://gist.github.com/843665

mod_rails / passenger runs as root
and starts the railsapp as nobody
so my intention is to run the railsapp with the least priv. possible
to avoid chrooting an apache or nginx for each webapp as there is no safemode or openbasedir restriction for mod_rails/passenger

ps aux | grep apache -->
root 3162 0.0 0.5 7236 4576 ? Ss 11:29 0:02 /usr/sbin/apache2 -k start
www-data 3229 0.1 0.6 7404 5412 ? S 11:31 0:03 /usr/sbin/apache2 -k start
www-data 3261 0.1 0.6 7404 5412 ? S 11:31 0:03 /usr/sbin/apache2 -k start
www-data 3555 0.0 0.6 7404 5396 ? S 11:41 0:01 /usr/sbin/apache2 -k start
www-data 3632 0.0 0.6 7404 5320 ? S 11:42 0:01 /usr/sbin/apache2 -k start
www-data 3638 0.0 0.6 7404 5388 ? S 11:42 0:01 /usr/sbin/apache2 -k start
www-data 3686 0.0 0.6 7396 5208 ? S 11:44 0:00 /usr/sbin/apache2 -k start
www-data 3694 0.0 0.6 7396 5432 ? S 11:45 0:00 /usr/sbin/apache2 -k start
www-data 3700 0.0 0.6 7396 5204 ? S 11:45 0:00 /usr/sbin/apache2 -k start
www-data 3712 0.0 0.6 7396 5432 ? S 11:45 0:00 /usr/sbin/apache2 -k start
www-data 3798 0.0 0.3 7236 2856 ? S 12:07 0:00 /usr/sbin/apache2 -k start

root@debian:/etc/grsec# ps aux | grep Passenger
root 3165 0.0 0.4 4216 3164 ? Ssl 11:29 0:00 PassengerWatchdog
root 3168 1.0 0.6 15632 4784 ? Sl 11:29 0:28 PassengerHelperAgent
nobody 3173 0.0 0.7 9512 5656 ? Sl 11:29 0:00 PassengerLoggingAgent
root 3780 0.0 1.2 17756 9780 ? S 12:06 0:00 Passenger spawn server

i m glad for every hint.

marcel
friend82
 
Posts: 1
Joined: Fri Feb 25, 2011 7:02 am
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group
cron