rpms/cgit/devel README.SELinux,1.1,1.2

Todd M. Zullinger tmz at fedoraproject.org
Sun Mar 15 23:48:14 UTC 2009 

Author: tmz

Update of /cvs/extras/rpms/cgit/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2863

Modified Files:
	README.SELinux 
Log Message:
Update README.SELinux from stable branch



Index: README.SELinux
===================================================================
RCS file: /cvs/extras/rpms/cgit/devel/README.SELinux,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- README.SELinux	13 Jan 2009 21:48:56 -0000	1.1
+++ README.SELinux	15 Mar 2009 23:47:44 -0000	1.2
@@ -1,24 +1,22 @@
-If you use SELinux, there are a few things you'll need to take care of
-for cgit to work smoothly.  (Most of these should be fixed in the
-official selinux-policy packages before cgit makes it into Fedora).
-
-1. Enable the httpd_enable_cgi boolean
-   $ setsebool -P httpd_enable_cgi 1
-
-2. Set proper file contexts
-   (These should be taken care of in the selinux-policy package before
-   cgit makes it into stable Fedora versions.)
-
-   a) The cache dir needs to be writable by the cgi
-      # semanage fcontext -a -t httpd_sys_content_rw_t "/var/cache/cgit(/.*)?"
-
-   b) The git repositories need to be readable by the cgi
-      # semanage fcontext -a -t httpd_sys_content_t "/var/lib/git(/.*)?"
-
-      If your git repositories are somewhere other than /var/lib/git, use that
-      path in the command above.  If you have other confined daemons that need
-      to access the git repositories, you may want to use public_content_t
-      instead of httpd_sys_content_t.
+If you use SELinux, you need to ensure that the httpd_enable_cgi boolean is
+set properly.  This can be done via the command line, e.g.:
 
-   c) Run restorecon to update the contexts
-      # restorecon -R /var/cache/cgit /var/lib/git
+   # setsebool -P httpd_enable_cgi 1
+
+Or you can use the graphical tool system-config-selinux, via System ->
+Administration -> SELinux Management on the Gnome menu.
+
+Additionally, the git repositories need to be readable by the cgi.  This is
+handled automatically for repositories in the default path, /var/lib/git.  If
+your repositories are in a different path, /srv/git, for example, you can set
+the proper context using semanage:
+
+    # semanage fcontext -a -t httpd_sys_content_t "/srv/git(/.*)?"
+
+If you have other confined daemons that need to access the git repositories,
+you may want to use public_content_t, or public_content_rw_t instead of
+httpd_sys_content_t.
+
+Then use restorecon to update the contexts:
+
+    # restorecon -RF /srv/git

More information about the fedora-extras-commits mailing list