[TriLUG] selinux vs.gitosis vs. apache
sorenson at uffdaa.com
Tue Sep 15 10:21:12 EDT 2009
Guilty as charged.....
On 9/15/2009 10:16 AM, Matt Pusateri wrote:
> How many of us that are reading this are thinking, "Just turn selinux
> off" ?
> Matt P.
> On Sep 15, 2009, at 9:50 AM, Robert Dale wrote:
>> I'm trying to set up a git repository with gitosis and gitweb using the
>> stuff that came with Fedora Core 11. However, I can only get one or the
>> other to work, not both at the same time because of some selinux context.
>> Gitosis and repositories are in /home/git
>> When gitosis is working, ssh access, gitweb fails with:
>> SELinux is preventing the gitweb.cgi from using potentially mislabeled
>> (user_home_dir_t). SELinux has denied the gitweb.cgi access to
>> mislabeled files git.
>> This means that SELinux will not allow httpd to use these files. Many
>> party apps install html files in directories that SELinux policy cannot
>> These directories have to be labeled with a file context which httpd can
>> So I execute the suggested command: chcon -t httpd_sys_content_t 'git'.
>> Then I get similar message for gitosis, fix that, and maybe some more
>> mucking around, gitweb finally works.
>> When I get back to work and try to pull/push, I get prompted for the git
>> user's password instead of using the keys.
>> SElinux records this:
>> SELinux is preventing sshd (sshd_t) "search" httpd_sys_content_t
>> So it seems like I can't have both at the same time. Any ideas?
>> Robert Dale
>> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
Please note that my e-mail address has changed. dave at logicalgeek is
being replaced by sorenson at uffdaa.com
Please update your address books.
More information about the TriLUG