On Tue, 2009-06-30 at 16:21 +0100, Jonathan Stott wrote:
Hi all
Today I updated to FC11 and gitosis stopped working (gitosis is a collection of scripts
for easing multiuser access to git repositories over ssh). I can tell it's an SELinux
problem, because '/sbin/setenforcing 0' clears it up.
On the server, the git repositories are managed by the 'git' user, which has the
guest_u selinux type (though it also fails when given the user_u user). The home
directory (/home/git) has the correct selinux context (user_home_t) as far as I can tell
and I've run 'restorecon -Rvv' anyway, just to be sure. gitosis works by
calling a system binary, gitosis-serve, which lives in /usr/bin/ and has the type of
'bin_t' so guest_u should be able to execute it. Even with 'setenforcing
0' no AVC denials are created though. Checking /var/log/secure shows that the key is
being accepted, and it seems like the process then hangs.
Any suggestions appreciated,
Regards
Jon
Hi,
Unload any silenced denials by running: semodule -DB
try gitosis again (in permissive mode)
After that see /var/log/audit/audit.log and attach the applicable part
so that we can have a look.
After testing put it back into enforcing mode and reload the silenced
denials with semodule -B
We need to have a look at avc denials.
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list