On 09/22/2015 08:37 PM, Matthew Saltzman wrote:
> On Tue, 2015-09-22 at 19:21 +0100, Trevor Hemsley wrote:
>> On 22/09/15 18:50, Matthew Saltzman wrote:
>>> for pid file '/var/www/svn/FlopC++/subgit/daemon.pid
>>
>> Probably not the best location for a pid file. I'd suspect that write
>> access to anything under /var/www is disallowed. Can you not move it
>> to /var/run?
>
> *I* can't. It's hard-coded in a compiled executable. I could make that
> recommendation to the Subgit folks. I suspect they may do that because
> they know for sure where the directory they are executing from is, but
> they may not feel they have a guarantee that /var/run is available in
> every *nix distribution.

We can label /var/www/svn/FlopC++/subgit, for example, if it is owned by a
package. The main goal is we need to get AVCs. Try to re-test it and run

#ausearch -m avc,user_avc -ts recent

> On the other hand, the Subversion repositories themselves are in
> /var/www/svn and interacting with them works fine (including writes),
> modulo this issue.
>
>>
>> Trevor

--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux