rpms/cgit/devel README.SELinux,1.1,1.2
Todd M. Zullinger
tmz at fedoraproject.org
Sun Mar 15 23:48:14 UTC 2009
Author: tmz
Update of /cvs/extras/rpms/cgit/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2863
Modified Files:
README.SELinux
Log Message:
Update README.SELinux from stable branch
Index: README.SELinux
===================================================================
RCS file: /cvs/extras/rpms/cgit/devel/README.SELinux,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- README.SELinux 13 Jan 2009 21:48:56 -0000 1.1
+++ README.SELinux 15 Mar 2009 23:47:44 -0000 1.2
@@ -1,24 +1,22 @@
-If you use SELinux, there are a few things you'll need to take care of
-for cgit to work smoothly. (Most of these should be fixed in the
-official selinux-policy packages before cgit makes it into Fedora).
-
-1. Enable the httpd_enable_cgi boolean
- $ setsebool -P httpd_enable_cgi 1
-
-2. Set proper file contexts
- (These should be taken care of in the selinux-policy package before
- cgit makes it into stable Fedora versions.)
-
- a) The cache dir needs to be writable by the cgi
- # semanage fcontext -a -t httpd_sys_content_rw_t "/var/cache/cgit(/.*)?"
-
- b) The git repositories need to be readable by the cgi
- # semanage fcontext -a -t httpd_sys_content_t "/var/lib/git(/.*)?"
-
- If your git repositories are somewhere other than /var/lib/git, use that
- path in the command above. If you have other confined daemons that need
- to access the git repositories, you may want to use public_content_t
- instead of httpd_sys_content_t.
+If you use SELinux, you need to ensure that the httpd_enable_cgi boolean is
+set properly. This can be done via the command line, e.g.:
- c) Run restorecon to update the contexts
- # restorecon -R /var/cache/cgit /var/lib/git
+ # setsebool -P httpd_enable_cgi 1
+
+Or you can use the graphical tool system-config-selinux, via System ->
+Administration -> SELinux Management on the Gnome menu.
+
+Additionally, the git repositories need to be readable by the cgi. This is
+handled automatically for repositories in the default path, /var/lib/git. If
+your repositories are in a different path, /srv/git, for example, you can set
+the proper context using semanage:
+
+ # semanage fcontext -a -t httpd_sys_content_t "/srv/git(/.*)?"
+
+If you have other confined daemons that need to access the git repositories,
+you may want to use public_content_t, or public_content_rw_t instead of
+httpd_sys_content_t.
+
+Then use restorecon to update the contexts:
+
+ # restorecon -RF /srv/git
More information about the fedora-extras-commits
mailing list