Re: CVS Servers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Wed, 2008-02-13 at 18:23 -0800, Daniel B. Thurman wrote:
In one of the Fedora CVS server setup, it says that if the
administrator wants to use a simple pserver remote string
such as:

export CVSROOT=':pserver:<username>@<systemname>:/cvs'

Then one has to:

1) /etc/xinetd.d/cvs:
    server_args             = -f --allow-root=/cvs pserver
2) ln -s /var/cvs /cvs

But the problem here is that SELinux has no context for
the symbolic link /cvs, therefore deny's access.

I tried setting context for /cvs by:
1) chcon -t cvs_data_t

No dice.  Does not work.

To see if I can cvs login bypassing Selinux, I tried:
1) setenforce 0
2) cvs login (successfully)
3) setenforce 1

So, what can I do to get SElinux to authorize the /cvs symbolic link access to /var/cvs?

Thanks-
Dan

Apologies to all.  It turns out that my email spam system was blocking me from
receiving email responses I was waiting for!  Geez, I will have to add another
TODO to my list.

To Paul: Can you explain what you mean by: "maybe try a bind mount instead of a symlink?"

To Stephen: "/sbin/ausearch -i -m AVC"
type=SYSCALL msg=audit(02/13/2008 19:17:32.484:5097) : arch=i386 syscall=open success=no exit=-13(Permission denied) a0=8faf660 a1=8000 a2=1b6 a3=8fafa58 items=0 ppid=25427 pid=27015 auid=dant uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) comm=cvs exe=/usr/bin/cvs subj=system_u:system_r:cvs_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(02/13/2008 19:17:32.484:5097) : avc:  denied  { read } for  pid=27015 comm=cvs name=cvs dev=sdb5 ino=49172 scontext=system_u:system_r:cvs_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=lnk_file

Thanks for responding!
Dan
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux