SVN + SELinux + Apache == Problems

Jerry Dueitt mailing.lists.jdueitt at gmail.com
Wed Apr 13 03:04:14 UTC 2005


I have been trying to get a SVN repository set up for access via the
DAV module. I have read that you need to do various things to get this
to work on a Fedora Core 3 system. My repository lives in
/projects/svn-repos/ which is a local filesystem. I have changed group
and owner to apache for all files in that directory with chown -R
apache.apache /projects/svn-repos. This obviously didn't work due to
SELinux security contexts. I found online that I needed to do chcon -R
-h -t httpd_sys_content_t /projects/svn-repos.

I still get the following errors in my /var/log/mesages:
Apr 12 21:50:39 fry kernel: audit(1113360639.475:0): avc:  denied  {
search } for  pid=7147 exe=/usr/sbin/httpd name=/ dev=dm-2 ino=2
scontext=root:system_r:httpd_t tcontext=system_u:object_r:file_t
tclass=dir

the errors in /var/log/httpd/error_log are like:
[Tue Apr 12 22:03:03 2005] [error] [client 10.3.1.105] (20014)Error
string not specified yet: Can't open file
'/projects/svn-repos/format': Permission denied
[Tue Apr 12 22:03:03 2005] [error] [client 10.3.1.105] Could not fetch
resource information.  [500, #0]
[Tue Apr 12 22:03:03 2005] [error] [client 10.3.1.105] Could not open
the requested SVN filesystem  [500, #13]
[Tue Apr 12 22:03:03 2005] [error] [client 10.3.1.105] Could not open
the requested SVN filesystem  [500, #13]
[Tue Apr 12 22:03:03 2005] [error] [client 10.3.1.105] File does not
exist: /var/www/html/favicon.ico

my /etc/http/conf.d/subversion.conf looks like:
<Location /svn-repos>
   DAV svn
   SVNPath /projects/svn-repos
</Location>

Most of the information online indicated people were just turning off
SELinux to avoid this problem. I was wondering if anybody could point
me in the direction of resolving this without disabling SELinux.
Thanks!
-Jerry.




More information about the fedora-selinux-list mailing list