On Wed, 2008-02-13 at 18:23 -0800, Daniel B. Thurman wrote: > In one of the Fedora CVS server setup, it says that if the > administrator wants to use a simple pserver remote string > such as: > > export CVSROOT=':pserver:<username>@<systemname>:/cvs' > > Then one has to: > > 1) /etc/xinetd.d/cvs: > server_args = -f --allow-root=/cvs pserver > 2) ln -s /var/cvs /cvs > > But the problem here is that SELinux has no context for > the symbolic link /cvs, therefore deny's access. > > I tried setting context for /cvs by: > 1) chcon -t cvs_data_t > > No dice. Does not work. > > To see if I can cvs login bypassing Selinux, I tried: > 1) setenforce 0 > 2) cvs login (successfully) > 3) setenforce 1 > > So, what can I do to get SElinux to authorize the /cvs symbolic link > access to /var/cvs? What avc denial do you get (/sbin/ausearch -i -m AVC)? -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
