On 02/05/2010 06:16 PM, Michael Cronenworth wrote: > Dominick Grift wrote: >> Alright well by default personal git repositories are expected in >> ~/public_git. >> >> That directory and its content is labelled git_personal_t in F12 (if i >> am correct). >> >> I would probably use that for personal git repositories and give your >> gitweb app access to git_personal_t instead of git_data_t (which is a >> type for system wide shared git repositories in /var/lib/git) > > Done. The default context seems to be > unconfined_u:object_r:httpd_user_content_t:s0, which makes more sense, No this does not make sense at all httpd has zero relation to git content in user home. It looks like your policy has not be modified yet to relect something sane for public_git (although in your case it happens to work out well since your gitweb script has access to it) > but SELinux still complains about allowing access to my root home > directory (/home/michael) when I reset that back to default. I have the This is a bug in my view. httpd_enable_homedirs boolean should probably be modified to reflect this. i.e. if httpd enable homedirs boolean is set to true , then all httpd domains should be able to access it. > boolean enabled to allow httpd access to home and user directories. > >> >> Can gitweb not be configured to point to the different personal >> repositories? Instead of using symlinks in /srv/git? >> > > Not that I know of, but I may be missing something. The > gitweb_config.perl file only allows one $projectroot. > > Any more good ideas? :D I have plenty ideas but i dont know if they are any good. if it works, it works > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
