[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: CVS Servers
- From: Stephen Smalley <sds tycho nsa gov>
- To: dant cdkkt com
- Cc: Fedora-Selinux-List <fedora-selinux-list redhat com>
- Subject: Re: CVS Servers
- Date: Thu, 14 Feb 2008 07:30:10 -0500
On Wed, 2008-02-13 at 18:23 -0800, Daniel B. Thurman wrote:
> In one of the Fedora CVS server setup, it says that if the
> administrator wants to use a simple pserver remote string
> such as:
>
> export CVSROOT=':pserver:<username>@<systemname>:/cvs'
>
> Then one has to:
>
> 1) /etc/xinetd.d/cvs:
> server_args = -f --allow-root=/cvs pserver
> 2) ln -s /var/cvs /cvs
>
> But the problem here is that SELinux has no context for
> the symbolic link /cvs, therefore deny's access.
>
> I tried setting context for /cvs by:
> 1) chcon -t cvs_data_t
>
> No dice. Does not work.
>
> To see if I can cvs login bypassing Selinux, I tried:
> 1) setenforce 0
> 2) cvs login (successfully)
> 3) setenforce 1
>
> So, what can I do to get SElinux to authorize the /cvs symbolic link
> access to /var/cvs?
What avc denial do you get (/sbin/ausearch -i -m AVC)?
--
Stephen Smalley
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]