On Thu, 2008-02-14 at 11:19 -0800, Daniel B. Thurman wrote:
On Thu, 2008-02-14 at 11:13 -0800, Daniel B. Thurman wrote:
>
> On Thu, 2008-02-14 at 10:16 -0800, Daniel B. Thurman wrote:
>
> >
> > On Wed, 2008-02-13 at 18:23 -0800, Daniel B. Thurman wrote:
> >
> > > In one of the Fedora CVS server setup, it says that if the
> > > administrator wants to use a simple pserver remote string
> > > such as:
> > >
> > > export
CVSROOT=':pserver:<username>@<systemname>:/cvs'
> > >
> > > Then one has to:
> > >
> > > 1) /etc/xinetd.d/cvs:
> > > server_args = -f --allow-root=/cvs pserver
> > > 2) ln -s /var/cvs /cvs
> > >
> > > But the problem here is that SELinux has no context for
> > > the symbolic link /cvs, therefore deny's access.
> > >
> > > I tried setting context for /cvs by:
> > > 1) chcon -t cvs_data_t
> > >
> > > No dice. Does not work.
> > >
> > > To see if I can cvs login bypassing Selinux, I tried:
> > > 1) setenforce 0
> > > 2) cvs login (successfully)
> > > 3) setenforce 1
> > >
> > > So, what can I do to get SElinux to authorize the /cvs symbolic
> > > link access to /var/cvs?
> > >
> > > Thanks-
> > > Dan
> >
> >
> > Apologies to all. It turns out that my email spam system was
> > blocking me from
> > receiving email responses I was waiting for! Geez, I will have to
> > add another
> > TODO to my list.
> >
> > To Paul: Can you explain what you mean by: "maybe try a bind mount
> > instead of a symlink?"
>
>
> I looked it up and understood a bind mount. Answer is nope!
>
> Bind mount:
> ========
> mount --bind /var/cvs /cvs
>
> ls -ldZ /cvs:
> =======
> drwxr-xr-x cvs cvs system_u:object_r:cvs_t:s0 /cvs
> So, the context is right, but still get a Permissions denied.
>
> /sbin/ausearch -i -m AVC
> ================
> type=SYSCALL msg=audit(02/14/2008 11:08:09.984:7732) : arch=i386
> syscall=fchmodat success=no exit=-13(Permission denied) a0=ffffff9c
> a1=94848d8 a2=1fd a3=94848d8 items=0 ppid=23862 pid=20445 auid=dant
> uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
> fsgid=root tty=pts7 comm=chmod exe=/bin/chmod
> subj=system_u:system_r:unconfined_t:s0 key=(null)
> type=AVC msg=audit(02/14/2008 11:08:09.984:7732) : avc: denied
> { setattr } for pid=20445 comm=chmod name=cvs dev=sdb5 ino=819450
> scontext=system_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:cvs_t:s0 tclass=dir
Oh rats! This error above was for something else! My mistake!!!!
I had to trying logging in at the remote system but failed several
times,
but after the 3rd try, I finally got in. Not sure why the login
process
stumbled.
So, It DOES work!
But I am having a problem with getting Eclipse's SVN to open a single
file:
The server reported an error while performing the "cvs status" command.
HelloWorld: cvs status: failed to create lock directory for
`/cvs/Eclipse/C/Examples/HelloWorld' (/cvs/Eclipse/C/Examples/HelloWorld/#cvs.lock):
Permission denied
HelloWorld: cvs status: failed to obtain dir lock in repository
`/cvs/Eclipse/C/Examples/HelloWorld'
HelloWorld: cvs [status aborted]: read lock failed - giving up
Not sure why it is not able to lock this file for checkout/examination.
Any ideas?
> > To Stephen: "/sbin/ausearch -i -m AVC"
> > type=SYSCALL msg=audit(02/13/2008 19:17:32.484:5097) : arch=i386
> > syscall=open success=no exit=-13(Permission denied) a0=8faf660
> > a1=8000 a2=1b6 a3=8fafa58 items=0 ppid=25427 pid=27015 auid=dant
> > uid=root gid=root euid=root suid=root fsuid=root egid=root
> > sgid=root fsgid=root tty=(none) comm=cvs exe=/usr/bin/cvs
> > subj=system_u:system_r:cvs_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(02/13/2008 19:17:32.484:5097) : avc: denied
> > { read } for pid=27015 comm=cvs name=cvs dev=sdb5 ino=49172
> > scontext=system_u:system_r:cvs_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:default_t:s0 tclass=lnk_file
> >
> > Thanks for responding!
> > Dan
> >
> >
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.5.516 / Virus Database: 269.20.4/1277 - Release Date:
> > 2/13/2008 8:00 PM
> >
> >
> > plain text document attachment (ATT00516.txt), "ATT00516.txt"
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list(a)redhat.com
> >
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
>
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.516 / Virus Database: 269.20.4/1277 - Release Date:
> 2/13/2008 8:00 PM
>
>
> plain text document attachment (ATT00538.txt), "ATT00538.txt"
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.20.4/1277 - Release Date:
2/13/2008 8:00 PM
plain text document attachment (ATT00558.txt), "ATT00558.txt"
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list