Gitweb and SELinux
Dominick Grift
domg472 at gmail.com
Fri Feb 5 16:57:35 UTC 2010
On 02/05/2010 05:51 PM, Michael Cronenworth wrote:
> Dominick Grift wrote:
>> There is probably a better way to configure this. The problem is that
>> git-daemon is currently a bit messy.
>
> I'd hope so, as now I cannot get access to my own home directory with
> that git context set.
>
>>
>> Could you post your /etc/xinetd.d/git?
>
> I'm not using git-daemon for file access on this particular machine.
> Just SSH. On a Fedora 11 git server, that is using the same directory
> setup, I'm using the following:
Alright well by default personal git repositories are expected in
~/public_git.
That directory and its content is labelled git_personal_t in F12 (if i
am correct).
I would probably use that for personal git repositories and give your
gitweb app access to git_personal_t instead of git_data_t (which is a
type for system wide shared git repositories in /var/lib/git)
Can gitweb not be configured to point to the different personal
repositories? Instead of using symlinks in /srv/git?
> $ cat /etc/xinetd.d/git
> # default: off
> # description: The git dæmon allows git repositories to be exported using \
> # the git:// protocol.
>
> service git
> {
> disable = no
> socket_type = stream
> wait = no
> user = nobody
> server = /usr/bin/git
> server_args = daemon --base-path=/srv/git --export-all
> --user-path=public_git --syslog --inetd --verbose
> log_on_failure += USERID
> # xinetd doesn't do this by default. bug #195265
> flags = IPv6
> }
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20100205/4645e5f1/attachment.bin
More information about the selinux
mailing list