Bug 159649 - Default cvs server configuration does not work with SELinux
Default cvs server configuration does not work with SELinux
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: cvs (Show other bugs)
4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Martin Stransky
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-06-06 11:47 EDT by Wayne Johnson
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-30 04:34:03 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Wayne Johnson 2005-06-06 11:47:53 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
When the cvs RPM is installed, it creates a default location for the cvs server repository.  This repository does not have the proper SELinux credentials for the cvs server to be able to access it.

cvs credentials:
-rwxr-xr-x  root     root     system_u:object_r:cvs_exec_t     /usr/bin/cvs

/var/cvs credentials:
drwxr-xr-x  root     root     system_u:object_r:var_t          /var/cvs

(this is my first time testing pre-release software, so forgive me if I'm not doing this properly).


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Install cvs rpm
2. Attempt to create files via cvs pserver:
cvs -d:pserver:waynej@localhost:/var/cvs import config xxx yyy

  

Actual Results:  cvs [import aborted]: unrecognized auth response from localhost: cvs pserver: cannot open /var/cvs/CVSROOT/config: Permission denied


Additional info:
Comment 1 Martin Stransky 2006-03-30 04:34:03 EST
It's because you need to add user who has rights to access to the default CVS
repository (/var/cvs) and create apropriate selinux-rights. I think we can't
have a default user who can access to whole repository out-of-the-box...

Note You need to log in before you can comment on or make changes to this bug.