Making httpd work with trac and svn
Daniel J Walsh
dwalsh at redhat.com
Tue Dec 13 22:20:14 UTC 2005
Robin Bowes wrote:
> Daniel J Walsh said the following on 13/12/2005 18:49:
>> Robin Bowes wrote:
>>>>> # Needed to allow svnmailer to execute and send commit notifications
>>>>> # using sendmail as httpd user
>>>>> allow httpd_t trac_var_t:file execute;
>>>>> allow httpd_t trac_var_t:file execute_no_trans;
>>>>> allow restorecon_t devpts_t:chr_file getattr;
>>>>> allow httpd_t sbin_t:lnk_file read;
>>> I followed the instructions here to set up trac to work with SELinux.
>>> http://projects.edgewall.com/trac/wiki/TracWithSeLinux
>>> trac_var_t is a file type created by the SELinux config listed on that
>> Ok from reading that policy, it looks like you would be able to write to
>> those directories, but now you are trying to execute files in those
> Yes. I am running svn hooks. eg. post-commit.
> The post-commit script runs svn-mailer which, in turn, sends mail using
> /usr/sbin/sendmail and also (optionally) includes diffs in the mails
> (hence the need for temp file access).
Not sure why you needed smtp since httpd should be allowed to transition
to system_mail_t via sendmail.
You could set the /var/trac directories to httpd_sys_content_t and I
think you will get the execute for free.