svnsync

Vadym Chepkov vchepkov at gmail.com
Mon Jun 28 02:08:57 UTC 2010


Hi,

I configured svnsync to be triggered from a subversion hook, to maintain remote replicas.
I had my own type for hooks defined, so audit2allow shows it.

This is what it suggests:

require {
	type httpd_svn_script_t;
	class netlink_route_socket { write getattr read bind create nlmsg_read };
}

#============= httpd_svn_script_t ==============
allow httpd_svn_script_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
kernel_read_kernel_sysctls(httpd_svn_script_t)


I am kind of concerned about the kernel bits; why svnsync would need them, I have no clue.
Also I can see a boolean httpd_can_network_relay, which is set to off by default and is not documented in man httpd_selinux.
Could it be related somehow?

Thanks,
Vadym Chepkov 


