Re: git and selinux

On 06/12/2012 09:34 AM, Pete Stieber wrote:
> On 6/11/2012 6:40 PM, Jeff Gipson wrote:
>> On Mon, Jun 11, 2012 at 04:08:47PM -0700, Pete Stieber wrote:
>>> I'm trying to set up a git server on a Fedora 17 box. I created user
>>> name git and set up bare Git repos under /home/git/repos. When I clone
>>> these repos from another machine using
>>> 
>>> $ git clone git@server_name/repos/RepoName.git RepoName
>>> 
>>> selinux wants the type of /home/git to be user_home_t.
>>> 
>>> When I try to use http for read-only, public access using
>>> 
>>> $ git clone http://server_name/git/RepoName.git RepoName
>>> 
>>> I'm not sure what to do to use both.
>>> 
>>> A few versions of Fedora ago, I would get sealert entries in some log 
>>> (/var/log/messages ?) that would give me hints on how to fix this type 
>>> of problem. Is that still available?
>>> 
>>> Pete
>>> 
> 
>> Indeed, the package names are (on my system, F17):
>>   setroubleshoot.x86_64
>>   setroubleshoot-plugins.noarch
>>   setroubleshoot-server.x86_64
>>   setroubleshoot-doc.x86_64
>> If you use Runlevel 5/Graphical target, you also want to run seapplet.
>> At the command-line, it's sealert.
> 
> Thanks for the info.
> 
> I ended up using
> 
> # audit2why < /var/log/audit/audit.log
> 
> to figure out the complaints and used the suggested fixes:
> 
> # setsebool -P httpd_enable_homedirs 1
> # setsebool -P httpd_read_user_content 1
> 
> Pete
> 
> 

Those booleans allow httpd to read all user content.  My solution would be
better security.  I.e., if your git scripts got hacked, apache would be allowed
to read your homedir, not just /home/git.

