[lug] SElinux boolean for webdav/svn
D. Stimits
stimits at comcast.net
Sun Nov 18 12:52:25 MST 2007
I was able to set SElinux boolean httpd_disable_trans to active to allow
regular developers on a CentOS 4 server. It runs yum update every night,
so it updates the targeted policy (which it uses). The regular
developers were able to update some files, others got rejected for
unknown reasons, which is why I disabled part of apache via
httpd_disable_trans.
Now there is a new problem, I believe to be unrelated. Subversion
apache/webdav checkouts work, but subversion checkins are denied. Piping
the message to audit2allow shows:
allow httpd_t httpd_sys_content_t:dir write;
The svn repo is itself under /var/www/ as another subdirectory, and is
what I believe to be properly labeled as httpd_sys_content_t. Ordinary
permissions are fine. Somehow I must either disable SElinux f or this
one place (all of httpd disable is fine with me), or allow it to write
with some means such as a chcon command. Can anyone tell me either which
SElinux boolean would disable SElinux for this svn/webdav setup? Or how
to label the subdirectory as writable? It worked until recently, I think
one of the targeted policy updates broke it.
D. Stimits, stimits AT comcast DOT net
More information about the LUG
mailing list