Executables run by httpd
Dominick Grift
dominick.grift at gmail.com
Sat Aug 2 16:33:32 UTC 2014
I think you want httpd_sys_script_exec_t
On Sat, 2014-08-02 at 14:16 +0000, Matthew Saltzman wrote:
> SubGit is a system that keeps a Subversion repository and a Git
> repository in sync. In order to do that, it includes a program called
> fast-pre-commit (C, I believe) that is run as part of Subversion's
> pre-commit process. It lives in the Subversion repository's hooks/
> directory. If Subversion commits are handled by httpd, then the
> pre-commit script is run, but its call to the fast-pre-commit program
> fails because it doesn't see fast-pre-commit as executable. Local
> commits (not using httpd) work as expected.
>
> The pre-commit script and the fast-pre-commit program both have context
>
> unconfined_u:object_r:httpd_sys_rw_content_t:s0
>
> although restorecon wants to reset the user to system_u (which doesn't
> solve the problem), and both have permissions -rwxrwxr-x.
>
> What should fast-pre-commit's context be in order for it to execute
> properly? Or what is the best way to make a particular executable run
> when invoked from httpd?
>
> TIA.
>
More information about the selinux
mailing list