On Tue, 2009-06-30 at 16:21 +0100, Jonathan Stott wrote: > Hi all > > Today I updated to FC11 and gitosis stopped working (gitosis is a collection of scripts for easing multiuser access to git repositories over ssh). I can tell it's an SELinux problem, because '/sbin/setenforcing 0' clears it up. > > On the server, the git repositories are managed by the 'git' user, which has the guest_u selinux type (though it also fails when given the user_u user). The home directory (/home/git) has the correct selinux context (user_home_t) as far as I can tell and I've run 'restorecon -Rvv' anyway, just to be sure. gitosis works by calling a system binary, gitosis-serve, which lives in /usr/bin/ and has the type of 'bin_t' so guest_u should be able to execute it. Even with 'setenforcing 0' no AVC denials are created though. Checking /var/log/secure shows that the key is being accepted, and it seems like the process then hangs. > > Any suggestions appreciated, > Regards > Jon Hi, Unload any silenced denials by running: semodule -DB try gitosis again (in permissive mode) After that see /var/log/audit/audit.log and attach the applicable part so that we can have a look. After testing put it back into enforcing mode and reload the silenced denials with semodule -B We need to have a look at avc denials. > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
