[TriLUG] selinux vs.gitosis vs. apache

[Matt Pusateri]

How many of us that are reading this are thinking, "Just turn selinux   
off" ?


Matt P.

On Sep 15, 2009, at 9:50 AM, Robert Dale wrote:

> I'm trying to set up a git repository with gitosis and gitweb using  
> the
> stuff that came with Fedora Core 11.  However, I can only get one or  
> the
> other to work, not both at the same time because of some selinux  
> context.
> Gitosis and repositories are in /home/git
>
> When gitosis is working, ssh access, gitweb fails with:
>
> SELinux is preventing the gitweb.cgi from using potentially  
> mislabeled files
> git
> (user_home_dir_t). SELinux has denied the gitweb.cgi access to  
> potentially
> mislabeled files git.
> This means that SELinux will not allow httpd to use these files.  
> Many third
> party apps install html files in directories that SELinux policy  
> cannot
> predict.
> These directories have to be labeled with a file context which httpd  
> can
> access.
>
> So I execute the suggested command: chcon -t httpd_sys_content_t  
> 'git'.
>
> Then I get similar message for gitosis, fix that, and maybe some more
> mucking around, gitweb finally works.
>
> When I get back to work and try to pull/push, I get prompted for the  
> git
> user's password instead of using the keys.
> SElinux records this:
>
> SELinux is preventing sshd (sshd_t) "search" httpd_sys_content_t
>
> So it seems like I can't have both at the same time.  Any ideas?
>
> Thanks,
>
> -- 
> Robert Dale
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions