I've got a CentOS 6 machine that's slated to go into production
providing some web and development-repository services.
Part of the environment is gitweb, which works as expected with one
glitch: SELinux doesn't allow gitweb.cgi to query sssd to display who
owns the repositories.
The audit log entries are pretty straightforward, e.g.,
type=AVC msg=audit(XXXXXXXXXXXX): avc: denied { search } for
pid=XXXX comm="gitweb.cgi" name="sss" dev=XXX ino=XXXXXXXXXXX
scontext=unconfined_u:system_r:httpd_git_script_t:s0
tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir
I'll use audit2allow to build a custom policy if need be, but what I'd
really like to hear is that there's an SELinux boolean that can be
tweaked or a file context that can be altered to make things work as
expected.
--
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
