Robin Bowes wrote:
Daniel J Walsh said the following on 13/12/2005 18:49:
Robin Bowes wrote:
# Needed to allow svnmailer to execute and send commit notifications
# using sendmail as httpd user
allow httpd_t trac_var_t:file execute;
allow httpd_t trac_var_t:file execute_no_trans;
allow restorecon_t devpts_t:chr_file getattr;
allow httpd_t sbin_t:lnk_file read;
I followed the instructions here [1] to set up trac to work with SELinux.
[1] http://projects.edgewall.com/trac/wiki/TracWithSeLinux
trac_var_t is a file type creagted by the SELinux config listed on that
site.
Ok from reading that policy, it looks like you would be able to write to
those directories, but now you are trying to execute files in those
directories?
Yes. I am running svn hooks. eg. post-commit.
The post-commit script runs svn-mailer which, in turn, sends mail using
/usr/sbin/sendmail and also (optionally) includes diffs in the mails
(hence the need for temp file access).
R.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Not sure why you needed smpt since httpd should be allowed to transition
to system_mail_t via sendmail
You chould set the /var/trac directories to httpd_sys_content_t and I
think you will get the execute for free.
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
