Yes /projects is a seperate LVM mountpoint! I tried issuing the chcon -t usr_t /projects and got the following error: chcon: can't apply partial context to unlabeled file /projects Why would that be? Thanks for the help! -Jerry. On 4/13/05, Colin Walters <walters@xxxxxxxxxx> wrote: > On Tue, 2005-04-12 at 22:04 -0500, Jerry Dueitt wrote: > > I have been trying to get a SVN repository set up for access via the > > DAV module. I have read that you need to do various things to get this > > to work on a Fedora Core 3 system. My repository lives in > > /projects/svn-repos/ which is a local filesystem. I have changed group > > and owner to apache for all files in that directory with chown -R > > apache.apache /projects/svn-repos. This obviously didn't work due to > > SELinux security contexts. I found online that I needed to do chcon -R > > -h -t httpd_sys_content_t /projects/svn-repos. > > Right. > > > I still get the following errors in my /var/log/mesages: > > Apr 12 21:50:39 fry kernel: audit(1113360639.475:0): avc: denied { > > search } for pid=7147 exe=/usr/sbin/httpd name=/ dev=dm-2 ino=2 > > scontext=root:system_r:httpd_t tcontext=system_u:object_r:file_t > > tclass=dir > > Is /projects a mount for separate LVM device? It must be labeled. If > ls -Z /projects shows file_t, then that is the problem. > > Try this: > > chcon -t usr_t /projects > > I picked usr_t because it's going to be accessible to httpd_t. Longer > term once we have a better infrastructure for local policy > modifications, you'd really want to create a new type such as project_t > which you could apply to the directory and give only httpd_t and other > domains the access you want. > > > Most of the information online indicated people were just turning off > > SELinux to avoid this problem. I was wondering if anybody could point > > me in the direction of resolving this without disabling SELinux. > > It's much better to disable SELinux enforcement just for Apache HTTPD, > not SELinux as a whole. > http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#using-s-c-securitylevel > > -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list