• 1

Re: svnpostcommit

(Anonymous)
ok, I cut/paste sections from your post into the appropriate files, compiled and installed the .pp and ran restorecon -v -R on the directories. I had to add a few things (from the usual test, audit2allow, compile, retest cycle), shown below, but now it works, and I didn't have to do anything fancy to allow root to edit the script or restorecon to work.

thanks!

any further comments?

---------- svnpostcommit.te ----------
require {
type httpd_t;
# dxc additions
type httpd_tmp_t;
type default_t;
}

...

# dxc additions
allow httpd_svnpostcommit_script_t default_t:dir { search };
allow httpd_svnpostcommit_script_t httpd_tmp_t:dir {
add_name getattr search write
};
allow httpd_svnpostcommit_script_t httpd_tmp_t:file {
create getattr read write
};


Re: svnpostcommit

(Anonymous)
Could you post the policy to upstream at

selinux@tycho.nsa.gov

Thanks.

Dan

  • 1
?

Log in