Hi,
I configured svnsync to be triggered from a subversion hook, to maintain remote replicas.
I had my own type for hooks defined, so audit2allow shows it.
This is what it suggests:
require {
type httpd_svn_script_t;
class netlink_route_socket { write getattr read bind create nlmsg_read };
}
#============= httpd_svn_script_t ==============
allow httpd_svn_script_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
kernel_read_kernel_sysctls(httpd_svn_script_t)
I am kind of concerned about kernel bits, why would svnsync need it, I have no clue.
Also I can see a boolean httpd_can_network_relay, which is set to off by default and is not documented in man httpd_selinux.
Could it be related somehow?
Thanks,
Vadym Chepkov
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
