Jonathan Stott wrote:
> Hi
>
> I'm quite new to Fedora (and SELinux) but I've been using linux for
> some time and one of the tools I use more or less daily is the
> mercurial scm. I would like to share (read only) versions of some of
> the repositories I work on to other members of my group. The
> mercurial team provide a script to do this which (when configured via
> a simple file) can read the configured repository directories
> (scattered about my home directory) and from there generate the web
> interface.
>
> Currently this fails, because I have policies configured such that
> lighttpd can only read from the public_html directory of home
> directories and I would prefer not to have to change things so that it
> can read all of my home directory. I would also prefer to avoid the
> need to have 2 copies of the repository on the system, one in my home
> directory and one somewhere else (say /var/hg ) that I can let
> lighttpd read as it desires, since this brings about synchronisation
> issues.
>
> I thought a solution might be to write a policy for mercurial so that
> all repos are created with a 'mercurial_repo_t' type or similar and
> then allow the lighttpd_t context to read them (it can already search
> home directories) but I am unsure of how to go about implementing such
> a policy, or how it might be done better.
>
> Any advice would be appreciated,
> Jon
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Why not just label the directory where you want mercurial to be shared
http_*_content_t? Just like public_html.