Serving Mercurial Repositories

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jonathan Stott wrote:
> Hi
> 
> I'm quite new to Fedora (and SELinux) but I've been using linux for
> some time and one of the tools I use more or less daily is the
> mercurial scm.  I would like to share (read only) versions of some of
> the repositories I work on to other members of my group.  The
> mercurial team provide a script to do this which (when configured via
> a simple file) can read the configured repository directories
> (scattered about my home directory) and from there generate the web
> interface.
> 
> Currently this fails, because I have policies configured such that
> lighttpd can only read from the public_html directory of home
> directories and I would prefer not to have to change things so that it
> can read all of my home directory.  I would also prefer to avoid the
> need to have 2 copies of the repository on the system, one in my home
> directory and one somewhere else (say /var/hg ) that I can let
> lighttpd read as it desires, since this brings about synchronisation
> issues.
> 
> I thought a solution might be to write a policy for mercurial so that
> all repos are created with a 'mercurial_repo_t' type or similar and
> then allow the lighttpd_t context to read them (it can already search
> home directories) but I am unsure of how to go about implementing such
> a policy, or how it might be done better.
> 
> Any advice would be appreciated,
> Jon
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Why not just label the directory where you want mercurial to be shared
http_*_content_t

Just like public_html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHYaFIrlYvE4MpobMRAijtAKCv6FARdJfSOTgCT7uAXtD+scKoGgCfZmYP
bmVBokULiPWedRovwCocpOM=
=NVAD
-----END PGP SIGNATURE-----