Selinux policy for git + apache
Roberto Sassu
roberto.sassu at polito.it
Mon Jan 18 15:12:02 UTC 2010
Hi all
i have an issue when configuring apache + git + gitweb on fedora 12 (with /srv
mounted in another ext4 partition).
I put all my data in /srv/git, including gitweb relevant files.
Then i relabeled the entire filesystem but some warnings appear.
I created a custom selinux module by using audit2allow:
--------------------------------------------------- git.te
policy_module(git,1.0.0)
gitconfig()
---------------------------------------------------
--------------------------------------------------- git.if
interface(`gitconfig',`
gen_require(`
type git_data_t;
type httpd_t;
type var_t;
')
allow httpd_t git_data_t:dir { read search open getattr };
allow httpd_t git_data_t:file { execute getattr read open ioctl
execute_no_trans };
allow httpd_t var_t:file { read getattr open };
')
---------------------------------------------------
The compile process works fine but when executing semodule -i git.pp, this
error appears:
libsepol.print_missing_requirements: git's global requirements were not met:
type/attribute git_data_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or
directory).
semodule: Failed!
What's wrong, my module or some system component is missing?
Thanks for your help.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2153 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20100118/bf21ef86/attachment.bin
More information about the selinux
mailing list