I think you want httpd_sys_script_exec_t On Sat, 2014-08-02 at 14:16 +0000, Matthew Saltzman wrote: > SubGit is a system that keeps a Subversion repository and a Git > repository in sync. In order to do that, it includes a program called > fast-pre-commit (C, I believe) that is run as part of Subversion's > pre-commit process. It lives in the Subversion repository's hooks/ > directory. If Subversion commits are handled by httpd, then the > pre-commit script is run, but its call to the fast-pre-commit program > fails because it doesn't see fast-pre-commit as executable. Local > commits (not using httpd) work as expected. > > The pre-commit script and the fast-pre-commit program both have context > > unconfined_u:object_r:httpd_sys_rw_content_t:s0 > > although restorecon wants to reset the user to system_u (which doesn't > solve the problem), and both have permissions -rwxrwxr-x. > > What should fast-pre-commit's context be in order for it to execute > properly? Or what is the best way to make a particular executable run > when invoked from httpd? > > TIA. > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
