Making httpd work with trac and svn

Daniel J Walsh dwalsh at redhat.com
Tue Dec 13 22:20:14 UTC 2005


Robin Bowes wrote:
> Daniel J Walsh said the following on 13/12/2005 18:49:
>   
>> Robin Bowes wrote:
>>     
>>>>> # Needed to allow svnmailer to execute and send commit notifications
>>>>> # using sendmail as httpd user
>>>>> allow httpd_t trac_var_t:file execute;
>>>>> allow httpd_t trac_var_t:file execute_no_trans;
>>>>> allow restorecon_t devpts_t:chr_file getattr;
>>>>> allow httpd_t sbin_t:lnk_file read;
>>>>>           
>>> I followed the instructions here [1] to set up trac to work with SELinux.
>>>
>>> [1] http://projects.edgewall.com/trac/wiki/TracWithSeLinux
>>>
>>> trac_var_t is a file type created by the SELinux config listed on that
>>> site.
>>>       
>> Ok from reading that policy, it looks like you would be able to write to
>> those directories, but now you are trying to execute files in those
>> directories?
>>     
>
> Yes. I am running svn hooks. eg. post-commit.
>
> The post-commit script runs svn-mailer which, in turn, sends mail using
> /usr/sbin/sendmail and also (optionally) includes diffs in the mails
> (hence the need for temp file access).
>
> R.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>   
Not sure why you needed smtp since httpd should be allowed to transition
to system_mail_t via sendmail.

You could set the /var/trac directories to httpd_sys_content_t and I
think you will get the execute for free.
