On 02/05/2010 12:30 PM, Dominick Grift wrote:
> On 02/05/2010 06:16 PM, Michael Cronenworth wrote:
>> Dominick Grift wrote:
>>> Alright well by default personal git repositories are expected in
>>> ~/public_git.
>>>
>>> That directory and its content is labelled git_personal_t in F12 (if I
>>> am correct).
>>>
>>> I would probably use that for personal git repositories and give your
>>> gitweb app access to git_personal_t instead of git_data_t (which is a
>>> type for system wide shared git repositories in /var/lib/git)
>>
>> Done. The default context seems to be
>> unconfined_u:object_r:httpd_user_content_t:s0, which makes more sense,
>
> No, this does not make sense at all; httpd has zero relation to git
> content in user home. It looks like your policy has not been modified yet
> to reflect something sane for public_git (although in your case it
> happens to work out well since your gitweb script has access to it)
>
>> but SELinux still complains about allowing access to my root home
>> directory (/home/michael) when I reset that back to default. I have the
>
> This is a bug in my view.
>
> httpd_enable_homedirs boolean should probably be modified to reflect this.
>
> i.e. if httpd enable homedirs boolean is set to true, then all httpd
> domains should be able to access it.
>

You want to allow apache cgi scripts to search home_root_t,
user_home_dir_t, and user_home_t only. No list, no read.

>> boolean enabled to allow httpd access to home and user directories.
>>
>>>
>>> Can gitweb not be configured to point to the different personal
>>> repositories? Instead of using symlinks in /srv/git?
>>>
>>
>> Not that I know of, but I may be missing something. The
>> gitweb_config.perl file only allows one $projectroot.
>>
>> Any more good ideas? :D
>
> I have plenty of ideas but I don't know if they are any good. If it works,
> it works

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
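
The search-only access described in the reply above, sketched as a local policy module. This is an added example, not part of the thread or of Fedora's shipped policy; the module name and the use of httpd_sys_script_t as the CGI script domain are assumptions.

```te
# Added example: local policy module, not taken from the thread.
# Assumption: httpd_sys_script_t stands in for the CGI script domain;
# substitute the domain the gitweb script actually runs in.
policy_module(local_httpd_cgi_homesearch, 1.0.0)

gen_require(`
	type httpd_sys_script_t;
	type home_root_t, user_home_dir_t, user_home_t;
	bool httpd_enable_homedirs;
')

# The rules below apply only while the administrator has the boolean on.
tunable_policy(`httpd_enable_homedirs',`
	# "search" lets the script traverse /home, /home/<user> and the
	# directories beneath it on the way to a path it already knows.
	allow httpd_sys_script_t { home_root_t user_home_dir_t user_home_t }:dir search;

	# Deliberately absent: "read" on these directories (listing entries)
	# and any file-class permission on user_home_t (reading home content).
	# Repository content is reached through its own type, git_personal_t
	# in the thread, with rules granted separately.
')
```

With only search granted, a CGI script can follow a known path through the home directory tree but cannot enumerate what else is stored there.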