[TriLUG] selinux vs. gitosis vs. apache
    Dave Sorenson 
    sorenson at uffdaa.com
       
    Tue Sep 15 10:21:12 EDT 2009
    
    
  
Guilty as charged.....
On 9/15/2009 10:16 AM, Matt Pusateri wrote:
> How many of us that are reading this are thinking, "Just turn selinux
> off" ?
>
>
> Matt P.
>
> On Sep 15, 2009, at 9:50 AM, Robert Dale wrote:
>
>> I'm trying to set up a git repository with gitosis and gitweb using the
>> stuff that came with Fedora Core 11. However, I can only get one or the
>> other to work, not both at the same time because of some selinux context.
>> Gitosis and repositories are in /home/git
>>
>> When gitosis is working, ssh access, gitweb fails with:
>>
>> SELinux is preventing the gitweb.cgi from using potentially mislabeled
>> files git (user_home_dir_t). SELinux has denied the gitweb.cgi access to
>> potentially mislabeled files git.
>> This means that SELinux will not allow httpd to use these files. Many
>> third party apps install html files in directories that SELinux policy
>> cannot predict.
>> These directories have to be labeled with a file context which httpd can
>> access.
>>
>> So I execute the suggested command: chcon -t httpd_sys_content_t 'git'.
>>
>> Then I get similar message for gitosis, fix that, and maybe some more
>> mucking around, gitweb finally works.
>>
>> When I get back to work and try to pull/push, I get prompted for the git
>> user's password instead of using the keys.
>> SELinux records this:
>>
>> SELinux is preventing sshd (sshd_t) "search" httpd_sys_content_t
>>
>> So it seems like I can't have both at the same time. Any ideas?
>>
>> Thanks,
>>
>> --
>> Robert Dale
>> --
>> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
>
-- 
Please note that my e-mail address has changed. dave at logicalgeek is 
being replaced by sorenson at uffdaa.com
Please update your address books.
Thanks !
Dave Sorenson
KJ4OBR
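
Added example, not part of the original thread or written by any of its posters: a small Python parser for AVC denial records that flags a file object denied under more than one label, which is the pattern Robert describes (relabeling /home/git for httpd moves the denial to sshd). The audit lines are constructed for illustration; the pids, inode number, timestamps and the `httpd_sys_script_t` source domain for gitweb.cgi are assumptions, while the target types come from the messages quoted above.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the thread); pids, inode, timestamps
# and the gitweb.cgi source domain are assumptions made for this example.
SAMPLE_LOG = """\
type=AVC msg=audit(1253020000.101:210): avc:  denied  { search } for  pid=2301 comm="gitweb.cgi" name="git" dev=dm-0 ino=131073 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1253023000.442:315): avc:  denied  { search } for  pid=2977 comm="sshd" name="git" dev=dm-0 ino=131073 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1253023050.007:316): avc:  denied  { read } for  pid=2980 comm="httpd" name="index.html" dev=dm-0 ino=200 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for .*?'
    r'name="(?P<name>[^"]+)" dev=(?P<dev>\S+) ino=(?P<ino>\d+) '
    r'scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def parse_denials(log_text):
    """Yield one dict per AVC denial line found in log_text."""
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            yield {"object": (m["dev"], int(m["ino"])), "name": m["name"],
                   "domain": selinux_type(m["scon"]),
                   "label": selinux_type(m["tcon"]),
                   "perms": m["perms"].split(), "tclass": m["tclass"]}

def relabel_conflicts(log_text):
    """Map object name -> sorted (label, denied domain) pairs for objects
    denied under two or more labels, i.e. a relabel only moved the denial."""
    seen = defaultdict(list)
    for d in parse_denials(log_text):
        seen[d["object"]].append(d)
    conflicts = {}
    for hits in seen.values():
        if len({h["label"] for h in hits}) > 1:
            conflicts[hits[0]["name"]] = sorted(
                {(h["label"], h["domain"]) for h in hits})
    return conflicts

if __name__ == "__main__":
    for name, pairs in relabel_conflicts(SAMPLE_LOG).items():
        print(f"{name}: denied under every label tried so far")
        for label, domain in pairs:
            print(f"  labeled {label}: denied to {domain}")
```
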
    
    