svnsync

Daniel J Walsh dwalsh at redhat.com
Mon Jun 28 15:33:06 UTC 2010


On 06/27/2010 10:08 PM, Vadym Chepkov wrote:
> Hi,
> 
> I configured svnsync to be triggered from a subversion hook, to maintain remote replicas.
> I had my own type for hooks defined, so audit2allow shows it.
> 
> This is what it suggests:
> 
> require {
> 	type httpd_svn_script_t;
> 	class netlink_route_socket { write getattr read bind create nlmsg_read };
> }
> 
> #============= httpd_svn_script_t ==============
> allow httpd_svn_script_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
> kernel_read_kernel_sysctls(httpd_svn_script_t)
> 
Do you have the raw AVC output?  Sometimes the tools pick too much access.

Did you build local policy?  httpd_svn_script_t does not exist in the
Fedora Policy package.
> 
> I am kind of concerned about kernel bits, why would svnsync need it, I have no clue.
> Also I can see a boolean httpd_can_network_relay, which is set to off by default and is not documented in man httpd_selinux.
> Could it be related somehow?
> 
> Thanks,
> Vadym Chepkov 
> 
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
> 
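Added example, not part of the original thread: a small Python parser that groups raw AVC denials by source type, target type and class, then lists which permissions in a candidate allow rule have no raw denial behind them. The log lines are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines for illustration (not from the thread).
SAMPLE_LOG = '''\
type=AVC msg=audit(1277690000.101:41): avc:  denied  { create } for  pid=2301 comm="svnsync" scontext=system_u:system_r:httpd_svn_script_t:s0 tcontext=system_u:system_r:httpd_svn_script_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(1277690000.102:42): avc:  denied  { bind } for  pid=2301 comm="svnsync" scontext=system_u:system_r:httpd_svn_script_t:s0 tcontext=system_u:system_r:httpd_svn_script_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(1277690000.103:43): avc:  denied  { getattr } for  pid=2301 comm="svnsync" scontext=system_u:system_r:httpd_svn_script_t:s0 tcontext=system_u:system_r:httpd_svn_script_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(1277690000.104:44): avc:  denied  { read } for  pid=2301 comm="svnsync" name="osrelease" dev=proc scontext=system_u:system_r:httpd_svn_script_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file
type=SYSCALL msg=audit(1277690000.104:44): arch=c000003e syscall=2 success=no exit=-13 comm="svnsync"
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]


def summarize_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if not match:
            continue  # SYSCALL and other non-AVC records carry no permission set
        fields = dict(FIELD_RE.findall(match.group(2)))
        if not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # truncated record, nothing reliable to group on
        key = (selinux_type(fields["scontext"]),
               selinux_type(fields["tcontext"]), fields["tclass"])
        denials[key].update(match.group(1).split())
    return dict(denials)


def unbacked_permissions(rule_perms, denials, key):
    """Permissions in a candidate allow rule that no raw denial for key backs."""
    return sorted(set(rule_perms) - denials.get(key, set()))


if __name__ == "__main__":
    found = summarize_denials(SAMPLE_LOG)
    for (src, tgt, cls), perms in sorted(found.items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
    rule = "write getattr read bind create nlmsg_read".split()
    key = ("httpd_svn_script_t", "httpd_svn_script_t", "netlink_route_socket")
    print("not backed by a denial:", unbacked_permissions(rule, found, key))
```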