Bug 1127301
Summary: | subversion - it would be great to have subversion covered | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | lejeczek <peljasz> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED WONTFIX | QA Contact: | Milos Malik <mmalik> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.5 | CC: | dwalsh, mgrepl, mmalik, peljasz |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-02 13:30:50 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
lejeczek
2014-08-06 15:05:38 UTC
seems like file_t of the filesystem top of a device won't do and then subsequent path to the svn repository also should not be file_t what fcontext would be most suited? file_t means there is no labels, probably a disk created on an SELinux Disabled system. you want to at least run restorecon on the content. Did you run restorecon on it? well, I just labelled the mount path to public_content_t and for repository itself under/via apache drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 conf drwxr-xr-x. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 dav drwxrwsr-x+ root root system_u:object_r:httpd_sys_content_t:s0 db -r--r--r--. root root system_u:object_r:httpd_sys_content_t:s0 format drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 hooks drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 locks -rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 README.txt but what I was hoping for was that we would have selinux policy covered this, svnadmin create creates standard struct and is always predictable, could probably be better labelled for security than what I did What are full paths? full paths are not necessary standard/regular ones mine are off the root and then a mounted device which is different from root mounted fs, eg. /_.aLocalStore/somePaht/etc (some path is a top of a dev) but I'd imagine subversion repos under httpd would/should per default go under /var/www somewhere I believe we can go with a local modifications here. If we get it working, we will reopen the bug for RHEL7/Fedora. |