[TriLUG] selinux vs.gitosis vs. apache

Robert Dale robdale at gmail.com
Tue Sep 15 09:50:17 EDT 2009


I'm trying to set up a git repository with gitosis and gitweb using the
stuff that came with Fedora Core 11.  However, I can only get one or the
other to work, not both at the same time because of some selinux context.
Gitosis and repositories are in /home/git

When gitosis is working, ssh access, gitweb fails with:

SELinux is preventing the gitweb.cgi from using potentially mislabeled files
git
(user_home_dir_t). SELinux has denied the gitweb.cgi access to potentially
mislabeled files git.
This means that SELinux will not allow httpd to use these files. Many third
party apps install html files in directories that SELinux policy cannot
predict.
These directories have to be labeled with a file context which httpd can
access.

So I execute the suggested command: chcon -t httpd_sys_content_t 'git'.

Then I get similar message for gitosis, fix that, and maybe some more
mucking around, gitweb finally works.

When I get back to work and try to pull/push, I get prompted for the git
user's password instead of using the keys.
SElinux records this:

SELinux is preventing sshd (sshd_t) "search" httpd_sys_content_t

So it seems like I can't have both at the same time.  Any ideas?

Thanks,

-- 
Robert Dale



More information about the TriLUG mailing list