On 06/12/2012 09:49 AM, Pete Stieber wrote:
> On 06/11/2012 07:08 PM, PS = Pete Stieber wrote:
> PS>> I'm trying to set up a git server on a Fedora
> PS>> 17 box. I created user name git and set up
> PS>> bare Git repos under /home/git/repos. When
> PS>> I clone these repos from another machine using
> PS>>
> PS>> $ git clone git@server_name/repos/RepoName.git RepoName
> PS>>
> PS>> selinux wants the type of /home/git to be user_home_t.
> PS>>
> PS>> When I try to use http for read-only, public
> PS>> access using
> PS>>
> PS>> $ git clone http://server_name/git/RepoName.git RepoName
> PS>>
> PS>> I'm not sure what to do to use both.
> PS>>
> PS>> A few versions of Fedora ago, I would get
> PS>> sealert entries in some log (/var/log/messages ?)
> PS>> that would give me hints on how to fix this type
> PS>> of problem. Is that still available?
>
> On 6/12/2012 5:15 AM, DW = Daniel J Walsh wrote:
> DW> Well, we have default labeling for git stores in
> DW> /var/lib/git
> DW>
> DW> matchpathcon /var/lib/git
> DW> /var/lib/git system_u:object_r:git_sys_content_t:s0
> DW>
> DW> # semanage fcontext -a -t git_sys_content_t "/home/git(/.*)?"
> DW> # restorecon -R -v /home/git/
> DW>
> DW> I think will solve your problem. Or move your
> DW> content to /var/lib/git.
>
> I followed the simple version of a git server setup suggested in
>
> http://git-scm.com/book/en/Git-on-the-Server-Setting-Up-the-Server
>
> It seems like any blog or book with these types of instructions completely
> ignores selinux.
>
> This technique creates a git user and places public keys for developers
> with commit privileges under /home/git/.ssh/authorized_keys. When this
> type of developer checks out the code using
>
> $ git clone git@server_name/repos/RepoName.git RepoName
>
> will your advice work?
>
> In other words, does git_sys_content_t allow http and ssh protocol access,
> or just git protocol access?
>
> It sounds like I'm being critical, but I'm not. I just don't understand
> all of the issues and was able to fix the problem using
>
> # setsebool -P httpd_enable_homedirs 1
> # setsebool -P httpd_read_user_content 1
>
> Was that a bad way to go?
>
> Also, is setroubleshoot still a recommended tool or is audit2* the way to
> go?
>
> It's always good to hear from the selinux expert.
>
> Thanks,
> Pete

Can you ping me on #selinux on freenode?