gitweb

[Andy Green]

Hi folks -

I have migrated a dedicated server from "FC4" (a very strange FC4 with
lilo, xfs-formatted partitions, no selinux, and a Debian kernel)
provided by a 1&1 to F7 with only one outstanding minor selinux problem.
 (The adventures of converting it are documented at
http://warmcat.com/_wp/?p=35 if anyone is interested).

gitweb no longer works properly with selinux in targeted/enforcing mode.

Sep  5 13:23:37 warmcat kernel: audit(1188995017.593:84): avc:  denied
{ read } for  pid=3649 comm="gitweb.cgi" name="cgi-bin" dev=md7
ino=5079272 scontext=system_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=dir

dev=md7 is /var, it seems the inode in question is /var/www/cgi-bin

# ll -Zd /var/www/cgi-bin
drwxr-xr-x  root root system_u:object_r:httpd_sys_script_exec_t
/var/www/cgi-bin

# ll -Z /var/www/cgi-bin
-rw-r--r--  root apache system_u:object_r:httpd_sys_content_t
git-favicon.png
-rw-r--r--  root apache system_u:object_r:httpd_sys_content_t git-logo.png
drwxr-xr-x  root apache system_u:object_r:httpd_sys_script_exec_t gitweb
-rwxr-xr-x  root apache system_u:object_r:httpd_sys_script_exec_t gitweb.cgi
-rw-r--r--  root apache system_u:object_r:httpd_sys_content_t gitweb.css
-rwxr-xr-x  root apache system_u:object_r:httpd_sys_script_exec_t
gitweb_defaults.pl
-rwxr-xr-x  root apache system_u:object_r:httpd_sys_script_exec_t
gitweb.perl
-rw-r--r--  root apache system_u:object_r:httpd_sys_script_exec_t
projects.list

Does anyone have any advice about the right way to resolve this?

-Andy