On Wed, 2008-02-13 at 18:23 -0800, Daniel B. Thurman wrote:
In one of the Fedora CVS server setup, it says that if the
administrator wants to use a simple pserver remote string
such as:
export CVSROOT=':pserver:<username>@<systemname>:/cvs'
Then one has to:
1) /etc/xinetd.d/cvs:
server_args = -f --allow-root=/cvs pserver
2) ln -s /var/cvs /cvs
But the problem here is that SELinux has no context for
the symbolic link /cvs, therefore deny's access.
I tried setting context for /cvs by:
1) chcon -t cvs_data_t
No dice. Does not work.
To see if I can cvs login bypassing Selinux, I tried:
1) setenforce 0
2) cvs login (successfully)
3) setenforce 1
So, what can I do to get SElinux to authorize the /cvs symbolic link
access to /var/cvs?
What avc denial do you get (/sbin/ausearch -i -m AVC)?
--
Stephen Smalley
National Security Agency