Hi, On Tue, Oct 29, 2019 at 10:30 PM Jeffrey Walton <noloader@xxxxxxxxx> wrote: > > Hi Everyone, > > I'm trying to setup a Git server on Fedora 30 server with SELinux in > enforcing mode. I am following > https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server > . > > At the push on the local machine: > > $ git push -v origin master > Pushing to ssh://git@euclid:/var/callboot/source.git So you're using ssh... > Enter passphrase for key ... > fatal: '/var/callboot/source.git' does not appear to be a git repository > fatal: Could not read from remote repository. > ... > > I suspect the SELinux labels for /var/callboot/source.git are not > quite right. Right now it looks as follows. httpd_sys_content_t is > typical for a web server and I think it needs to be something else. > > # ls -Z /var/callboot/source.git > unconfined_u:object_r:httpd_sys_content_t:s0 branches > unconfined_u:object_r:httpd_sys_content_t:s0 config > unconfined_u:object_r:httpd_sys_content_t:s0 description > unconfined_u:object_r:httpd_sys_content_t:s0 HEAD > unconfined_u:object_r:httpd_sys_content_t:s0 hooks > unconfined_u:object_r:httpd_sys_content_t:s0 info > unconfined_u:object_r:httpd_sys_content_t:s0 objects > unconfined_u:object_r:httpd_sys_content_t:s0 refs > > What should the SELinux labels be for the Git user? They should be whatever is needed to access via ssh. I think that's something like 'ssh_home_t' (sorry, haven't fought SELinux and SSH for a few years now), but the question isn't really anything to do with Git but of the combination of SELinux and SSH. Hope that helps, Elijah
