Making httpd work with trac and svn

Daniel J Walsh dwalsh at
Tue Dec 13 22:20:14 UTC 2005

Robin Bowes wrote:
> Daniel J Walsh said the following on 13/12/2005 18:49:
>> Robin Bowes wrote:
>>>>> # Needed to allow svnmailer to execute and send commit notifications
>>>>> # using sendmail as httpd user
>>>>> allow httpd_t trac_var_t:file execute;
>>>>> allow httpd_t trac_var_t:file execute_no_trans;
>>>>> allow restorecon_t devpts_t:chr_file getattr;
>>>>> allow httpd_t sbin_t:lnk_file read;
>>> I followed the instructions here [1] to set up trac to work with SELinux.
>>> [1]
>>> trac_var_t is a file type created by the SELinux config listed on that
>>> site.
>> Ok from reading that policy, it looks like you would be able to write to
>> those directories, but now you are trying to execute files in those
>> directories?
> Yes. I am running svn hooks. eg. post-commit.
> The post-commit script runs svn-mailer which, in turn, sends mail using
> /usr/sbin/sendmail and also (optionally) includes diffs in the mails
> (hence the need for temp file access).
> R.
Not sure why you needed smtp since httpd should be allowed to transition
to system_mail_t via sendmail.

You could set the /var/trac directories to httpd_sys_content_t and I
think you will get the execute for free.
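
Added example, not part of the original message or of the trac policy it refers to: a small Python check that flags any domain allowed both to modify and to execute files of the same type, which is the combination the rules quoted above would create for httpd_t on trac_var_t if the trac policy also grants write access. The sample policy is constructed: the write rule is an assumption (the thread does not show it), and the parser only handles simple single-type `allow` rules, not attributes or macros.

```python
import re
from collections import defaultdict

# Constructed sample policy. The four execute/read rules are the ones quoted in
# the thread; the write rule is an assumption standing in for the trac policy
# that the thread refers to but does not show.
SAMPLE_POLICY = """
# assumed rule (not shown in the thread)
allow httpd_t trac_var_t:file { read write create };
# rules quoted in the thread
allow httpd_t trac_var_t:file execute;
allow httpd_t trac_var_t:file execute_no_trans;
allow restorecon_t devpts_t:chr_file getattr;
allow httpd_t sbin_t:lnk_file read;
"""

ALLOW_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+?):(\S+)\s+(\{[^}]*\}|\S+?)\s*;", re.M)
WRITE_PERMS = {"write", "append", "create"}
EXEC_PERMS = {"execute", "execute_no_trans"}


def parse_allow_rules(policy_text):
    """Merge simple allow rules into {(source, target, class): set(perms)}."""
    rules = defaultdict(set)
    for src, tgt, cls, perms in ALLOW_RE.findall(policy_text):
        rules[(src, tgt, cls)].update(perms.strip("{} ").split())
    return rules


def writable_and_executable(policy_text):
    """Return (source, target, exec perms) where a domain can both modify and
    execute files of the same type."""
    findings = []
    for (src, tgt, cls), perms in sorted(parse_allow_rules(policy_text).items()):
        if cls == "file" and perms & WRITE_PERMS and perms & EXEC_PERMS:
            findings.append((src, tgt, sorted(perms & EXEC_PERMS)))
    return findings


if __name__ == "__main__":
    for src, tgt, execs in writable_and_executable(SAMPLE_POLICY):
        print(f"{src} can write and {'/'.join(execs)} files labelled {tgt}")
```
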