Hi folks -
I have migrated a dedicated server from "FC4" (a very strange FC4 with
lilo, xfs-formatted partitions, no selinux, and a Debian kernel)
provided by 1&1 to F7 with only one outstanding minor selinux problem.
(The adventures of converting it are documented at
http://warmcat.com/_wp/?p=35 if anyone is interested).

gitweb no longer works properly with selinux in targeted/enforcing mode.

Sep 5 13:23:37 warmcat kernel: audit(1188995017.593:84): avc: denied { read } for pid=3649 comm="gitweb.cgi" name="cgi-bin" dev=md7 ino=5079272 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=dir

dev=md7 is /var, it seems the inode in question is /var/www/cgi-bin

# ll -Zd /var/www/cgi-bin
drwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t /var/www/cgi-bin
# ll -Z /var/www/cgi-bin
-rw-r--r-- root apache system_u:object_r:httpd_sys_content_t git-favicon.png
-rw-r--r-- root apache system_u:object_r:httpd_sys_content_t git-logo.png
drwxr-xr-x root apache system_u:object_r:httpd_sys_script_exec_t gitweb
-rwxr-xr-x root apache system_u:object_r:httpd_sys_script_exec_t gitweb.cgi
-rw-r--r-- root apache system_u:object_r:httpd_sys_content_t gitweb.css
-rwxr-xr-x root apache system_u:object_r:httpd_sys_script_exec_t gitweb_defaults.pl
-rwxr-xr-x root apache system_u:object_r:httpd_sys_script_exec_t gitweb.perl
-rw-r--r-- root apache system_u:object_r:httpd_sys_script_exec_t projects.list

Does anyone have any advice about the right way to resolve this?
-Andy
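
Added example, not part of the original post: a small Python parser for the AVC record quoted above. It extracts the source domain, target type, object class and permission, and builds the find(1) command that maps ino= back to a path. The function names are illustrative, and the mount point /var is the one the post gives for dev=md7.

```python
import re

# AVC record copied from the post above, with the e-mail line wrapping removed.
SAMPLE = (
    'Sep 5 13:23:37 warmcat kernel: audit(1188995017.593:84): avc: denied '
    '{ read } for pid=3649 comm="gitweb.cgi" name="cgi-bin" dev=md7 '
    'ino=5079272 scontext=system_u:system_r:httpd_sys_script_t:s0 '
    'tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=dir'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def sel_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one kernel AVC message; return None if it is not a complete one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    perms = m.group(2).split()
    if not perms or not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    return {'result': m.group(1), 'perms': perms, 'tclass': fields['tclass'],
            'source_type': sel_type(fields['scontext']),
            'target_type': sel_type(fields['tcontext']), 'fields': fields}

def access_vector(rec):
    """Render the checked access in policy-rule syntax (a description, not a fix)."""
    perms = rec['perms']
    p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (rec['source_type'], rec['target_type'], rec['tclass'], p)

def inode_lookup_cmd(rec, mountpoint):
    """Build the find(1) command that maps ino= back to a path on that filesystem."""
    return 'find %s -xdev -inum %s' % (mountpoint, rec['fields']['ino'])

if __name__ == '__main__':
    rec = parse_avc(SAMPLE)
    print(access_vector(rec))
    print(inode_lookup_cmd(rec, '/var'))  # the post identifies dev=md7 as /var
```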