Re: svnpostcommit

(Anonymous)
Thank you very much for the fast response, looks as if I was correct to ask the expert ;-). I'll copy that here and try it out a little later, maybe tomorrow. For my future reference, where do I look to find out about things like apache_content_template? (BTW, I *do* have "SELinux by Example", but it seems a lot of things have evolved.)

Meanwhile, did you consider posting something to the svn mailing list? I can tell from searching it that people are clueless, but the hook scripts are generally useful, not just for a dump as I did. The typical response when faced by an SELinux issue is to just turn it off, but I don't think that's the right approach, especially with servers like httpd that face the web.

Re: svnpostcommit

(Anonymous)
OK, I cut/pasted sections from your post into the appropriate files, compiled and installed the .pp and ran restorecon -v -R on the directories. I had to add a few things (from the usual test, audit2allow, compile, retest cycle), shown below, but now it works, and I didn't have to do anything fancy to allow root to edit the script or restorecon to work.

Thanks!

Any further comments?

---------- svnpostcommit.te ----------
require {
    type httpd_t;
    # dxc additions
    type httpd_tmp_t;
    type default_t;
}

...

# dxc additions
allow httpd_svnpostcommit_script_t default_t:dir { search };
allow httpd_svnpostcommit_script_t httpd_tmp_t:dir {
    add_name getattr search write
};
allow httpd_svnpostcommit_script_t httpd_tmp_t:file {
    create getattr read write
};
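
An added illustration of the audit2allow step in the test/compile/retest cycle mentioned in the comment above (not code from the commenter or from the policy's author): this Python sketch folds AVC denials into allow rules and marks targets carrying a generic label such as default_t, which usually means no file context matched the path. The log lines, pids and inode numbers are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not from the original post); they mirror
# the kinds of denials that lead to the rules shown in the comment above.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1200000000.101:51): avc:  denied  { search } for  pid=2101 comm="post-commit" name="svn" dev=dm-0 ino=4001 scontext=system_u:system_r:httpd_svnpostcommit_script_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1200000000.102:52): avc:  denied  { write } for  pid=2101 comm="post-commit" name="tmp" dev=dm-0 ino=4002 scontext=system_u:system_r:httpd_svnpostcommit_script_t:s0 tcontext=system_u:object_r:httpd_tmp_t:s0 tclass=dir
type=AVC msg=audit(1200000000.103:53): avc:  denied  { add_name } for  pid=2101 comm="post-commit" name="dump.tmp" scontext=system_u:system_r:httpd_svnpostcommit_script_t:s0 tcontext=system_u:object_r:httpd_tmp_t:s0 tclass=dir
type=AVC msg=audit(1200000000.104:54): avc:  denied  { create write } for  pid=2101 comm="post-commit" name="dump.tmp" scontext=system_u:system_r:httpd_svnpostcommit_script_t:s0 tcontext=system_u:object_r:httpd_tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1200000000.104:54): arch=40000003 syscall=5 success=no exit=-13 comm="post-commit" subj=system_u:system_r:httpd_svnpostcommit_script_t:s0
"""

# Pull the permission set, source type, target type and object class from a denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)

# Labels that mean "no specific file context applied"; a denial against them
# usually points at a labeling gap rather than a missing allow rule.
GENERIC_TYPES = {"default_t", "unlabeled_t"}

def collect_denials(log_text):
    """Group denied permissions by (source type, target type, class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            rules[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    return rules

def render_rules(rules):
    """Emit one allow rule per group, annotating generic target labels."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        note = ""
        if tgt in GENERIC_TYPES:
            note = "  # review: generic label, consider a file context + restorecon"
        out.append(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};{note}")
    return out

if __name__ == "__main__":
    print("\n".join(render_rules(collect_denials(SAMPLE_AUDIT_LOG))))
```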


Re: svnpostcommit

(Anonymous)
Could you post the policy to upstream at

selinux@tycho.nsa.gov

Thanks.

Dan
