On 02/10/2012 02:31 PM, Dominick Grift wrote:
> To be honest though I never understood what value gitolite adds to
> git-shell, git-daemon and a few good git hooks.
>
> https://www.youtube.com/watch?v=vgm89P5nbBQ
> https://www.youtube.com/watch?v=XHEPj80217o
>
>
> On Fri, 2012-02-10 at 20:18 +0100, Dominick Grift wrote:
>> On Fri, 2012-02-10 at 14:06 -0500, Konstantin Ryabitsev wrote:
>>> Hi, all:
>>>
>>> I'm trying to lock down the gitolite user by creating a user
>>> role that would be pretty much "guest_u" plus permission to
>>> transition to gitosis_t.
>>>
>>
>> This might work:
>>
>> mkdir ~/mygito; cd ~/mygito;
>>
>> echo "policy_module(mygito, 1.0.0)" > mygito.te;
>> echo "role mygito_r;" >> mygito.te;
>> echo "userdom_restricted_user_template(mygito)" >> mygito.te;
>> echo "gitosis_run(mygito_t, mygito_r)" >> mygito.te;
>> echo "gen_user(mygito_u, user, mygito_r, s0, s0)" >> mygito.te;
>>
>> make -f /usr/share/selinux/devel/Makefile mygito.pp
>> sudo semodule -i mygito.pp
>>
>> useradd -Z mygito_u mygito
>> passwd mygito
>>
>>
>>> I've not yet written a user role policy, so I'm not sure where
>>> I should start.
>>>
>>> Best,
>>> --
>>> selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
>>
>
>

Looks like a good subject for a blog...