Making httpd work with trac and svn
Robin Bowes
robin-lists at robinbowes.com
Tue Dec 13 20:16:34 UTC 2005
Daniel J Walsh said the following on 13/12/2005 18:49:
> Robin Bowes wrote:
>>>> # Needed to allow svnmailer to execute and send commit notifications
>>>> # using sendmail as httpd user
>>>> allow httpd_t trac_var_t:file execute;
>>>> allow httpd_t trac_var_t:file execute_no_trans;
>>>> allow restorecon_t devpts_t:chr_file getattr;
>>>> allow httpd_t sbin_t:lnk_file read;
>>
>> I followed the instructions here [1] to set up trac to work with SELinux.
>>
>> [1] http://projects.edgewall.com/trac/wiki/TracWithSeLinux
>>
>> trac_var_t is a file type creagted by the SELinux config listed on that
>> site.
>
> Ok from reading that policy, it looks like you would be able to write to
> those directories, but now you are trying to execute files in those
> directories?
Yes. I am running svn hooks. eg. post-commit.
The post-commit script runs svn-mailer which, in turn, sends mail using
/usr/sbin/sendmail and also (optionally) includes diffs in the mails
(hence the need for temp file access).
R.
More information about the fedora-selinux-list
mailing list