Hi I'm quite new to Fedora (and SELinux) but I've been using linux for some time and one of the tools I use more or less daily is the mercurial scm. I would like to share (read only) versions of some of the repositories I work on to other members of my group. The mercurial team provide a script to do this which (when configured via a simple file) can read the configured repository directories (scattered about my home directory) and from there generate the web interface. Currently this fails, because I have policies configured such that lighttpd can only read from the public_html directory of home directories and I would prefer not to have to change things so that it can read all of my home directory. I would also prefer to avoid the need to have 2 copies of the repository on the system, one in my home directory and one somewhere else (say /var/hg ) that I can let lighttpd read as it desires, since this brings about synchronisation issues. I thought a solution might be to write a policy for mercurial so that all repos are created with a 'mercurial_repo_t' type or similar and then allow the lighttpd_t context to read them (it can already search home directories) but I am unsure of how to go about implementing such a policy, or how it might be done better. Any advice would be appreciated, Jon -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
