Gitweb and SELinux
Michael Cronenworth
mike at cchtml.com
Fri Feb 5 15:53:59 UTC 2010
I am attempting to use gitweb to display git repos that live in /home
directories. The developers use ssh to push changes to their home
directory. It seems every Fedora release gitweb and SELinux have
changes. With Fedora 12, I cannot get SELinux to be happy about
accessing the git repos.
Gitweb is pointing to:
/srv/git/
Inside of that directory live symlinks to the git repos that live in
/home/user1/git
/home/user2/git
etc.
I've attached the sealert output about the denial. I tried to assign a
context of httpd_git_content_ra_t to my git repo, but that did not allow
access. I realize this may not be "100%" secure, but this setup was
functioning in Fedoras 11 and under. I'd create a bug, but I'm not sure
if this setup would be considered a bug of SELinux.
Additional info:
$ ls -Z /var/www/git/
-rw-r--r--. root root system_u:object_r:httpd_git_content_t:s0
git-favicon.png
-rw-r--r--. root root system_u:object_r:httpd_git_content_t:s0 git-logo.png
-rwxr-xr-x. root root system_u:object_r:httpd_git_script_exec_t:s0
gitweb.cgi
-rw-r--r--. root root system_u:object_r:httpd_git_content_t:s0
gitweb_config.perl
-rw-r--r--. root root system_u:object_r:httpd_git_content_t:s0 gitweb.css
Any ideas to allow access?
Thanks,
Michael
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sealert.txt
Url: http://lists.fedoraproject.org/pipermail/selinux/attachments/20100205/c9dcf6de/attachment.txt
More information about the selinux
mailing list