SELinux policy for git + apache

Xavier Toth txtoth at gmail.com
Mon Jan 18 16:18:05 UTC 2010


On Mon, Jan 18, 2010 at 9:12 AM, Roberto Sassu <roberto.sassu at polito.it> wrote:
> Hi all
>
> I have an issue when configuring apache + git + gitweb on Fedora 12 (with /srv
> mounted in another ext4 partition).
> I put all my data in /srv/git, including gitweb relevant files.
> Then I relabeled the entire filesystem but some warnings appear.
> I created a custom SELinux module by using audit2allow:
>
> --------------------------------------------------- git.te
> policy_module(git,1.0.0)
>
> gitconfig()
> ---------------------------------------------------
>
> --------------------------------------------------- git.if
> interface(`gitconfig',`
>        gen_require(`
>                type git_data_t;
>                type httpd_t;
>                type var_t;
>        ')
>
>        allow httpd_t git_data_t:dir { read search open getattr };
>        allow httpd_t git_data_t:file { execute getattr read open ioctl execute_no_trans };
>        allow httpd_t var_t:file { read getattr open };
> ')
> ---------------------------------------------------
>
> The compile process works fine but when executing semodule -i git.pp, this
> error appears:
>
> libsepol.print_missing_requirements: git's global requirements were not met:
> type/attribute git_data_t (No such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
> directory).
> semodule:  Failed!
>
> What's wrong: my module, or is some system component missing?
> Thanks for your help.

You are overwriting the git module that defines git_data_t; rename
your module (mygit).

Ted
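
The name collision described in the reply above can be caught before running `semodule -i`. The following is an added example, not part of the original thread: a shell check that reads the `policy_module()` name from a `.te` file and compares it with a saved `semodule -l` listing. The function names, file names and listing contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect a local module whose name
# collides with an already installed SELinux module before `semodule -i`.

# Print the name declared by policy_module(name, version) in a .te file.
te_module_name() {
    sed -n 's/^[[:space:]]*policy_module([[:space:]]*\([A-Za-z0-9_]*\)[[:space:]]*,.*/\1/p' "$1" | head -n 1
}

# Succeed if module $1 is in listing file $2 (saved `semodule -l` output,
# module name in the first whitespace-separated field of each line).
module_installed() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# check_te FILE.te LISTING: 0 = name is free, 1 = collision, 2 = no name found.
check_te() {
    name=$(te_module_name "$1")
    if [ -z "$name" ]; then
        echo "$1: no policy_module() declaration" >&2
        return 2
    fi
    if module_installed "$name" "$2"; then
        echo "$1: module '$name' is already installed and would be replaced" >&2
        return 1
    fi
    echo "$1: module name '$name' is free"
}

# Constructed sample input: a listing and two .te files (hypothetical versions).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
printf 'apache\t2.1.0\ngit\t1.0.0\ngitosis\t1.0.0\n' > "$WORK/modules.txt"
printf 'policy_module(git,1.0.0)\n\ngitconfig()\n' > "$WORK/git.te"
printf 'policy_module(mygit,1.0.0)\n\ngitconfig()\n' > "$WORK/mygit.te"

check_te "$WORK/git.te" "$WORK/modules.txt" || echo "rename the module, e.g. mygit"
check_te "$WORK/mygit.te" "$WORK/modules.txt"
```

On a real system the listing would come from `semodule -l > modules.txt`.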

