CVS Servers
Daniel B. Thurman
dant at cdkkt.com
Thu Feb 14 18:16:55 UTC 2008
On Wed, 2008-02-13 at 18:23 -0800, Daniel B. Thurman wrote:
> In one of the Fedora CVS server setups, it says that if the
> administrator wants to use a simple pserver remote string
> such as:
>
> export CVSROOT=':pserver:<username>@<systemname>:/cvs'
>
> Then one has to:
>
> 1) /etc/xinetd.d/cvs:
> server_args = -f --allow-root=/cvs pserver
> 2) ln -s /var/cvs /cvs
>
> But the problem here is that SELinux has no context for
> the symbolic link /cvs, and therefore denies access.
>
> I tried setting context for /cvs by:
> 1) chcon -t cvs_data_t
>
> No dice. Does not work.
>
> To see if I can cvs login bypassing SELinux, I tried:
> 1) setenforce 0
> 2) cvs login (successfully)
> 3) setenforce 1
>
> So, what can I do to get SELinux to authorize the /cvs symbolic link
> access to /var/cvs?
>
> Thanks-
> Dan
Apologies to all. It turns out that my email spam system was blocking me from
receiving email responses I was waiting for! Geez, I will have to add another
TODO to my list.
To Paul: Can you explain what you mean by: "maybe try a bind mount
instead of a symlink?"
To Stephen: "/sbin/ausearch -i -m AVC"
type=SYSCALL msg=audit(02/13/2008 19:17:32.484:5097) : arch=i386
syscall=open success=no exit=-13(Permission denied) a0=8faf660 a1=8000
a2=1b6 a3=8fafa58 items=0 ppid=25427 pid=27015 auid=dant uid=root
gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
tty=(none) comm=cvs exe=/usr/bin/cvs
subj=system_u:system_r:cvs_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(02/13/2008 19:17:32.484:5097) : avc: denied
{ read } for pid=27015 comm=cvs name=cvs dev=sdb5 ino=49172
scontext=system_u:system_r:cvs_t:s0-s0:c0.c1023
tcontext=system_u:object_r:default_t:s0 tclass=lnk_file
Thanks for responding!
Dan
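
Added example, not part of the original message: a small Python parser for the interpreted "ausearch -i" output quoted above, which rejoins the mail-wrapped lines and pulls out the source type, target type, object class and denied permissions. The function names are hypothetical, and the SYSCALL record in the sample is shortened.

```python
import re

# Sample input: records copied from the message above, still hard-wrapped
# by the mail client (SYSCALL record shortened to its first two lines).
SAMPLE = """\
type=SYSCALL msg=audit(02/13/2008 19:17:32.484:5097) : arch=i386
syscall=open success=no exit=-13(Permission denied) a0=8faf660 a1=8000
type=AVC msg=audit(02/13/2008 19:17:32.484:5097) : avc: denied
{ read } for pid=27015 comm=cvs name=cvs dev=sdb5 ino=49172
scontext=system_u:system_r:cvs_t:s0-s0:c0.c1023
tcontext=system_u:object_r:default_t:s0 tclass=lnk_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r"(\w+)=(\S+)")


def unwrap(text):
    """Rejoin hard-wrapped records; a new record starts at 'type='."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("type=") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def parse_avc(record):
    """Return a dict for an AVC denial, or None for any other record type."""
    m = AVC_RE.search(record)
    if not m:
        return None
    f = dict(KV_RE.findall(m.group("rest")))
    # A context is user:role:type[:level]; the type is the third field.
    return {"perms": m.group("perms").split(), "comm": f.get("comm"),
            "name": f.get("name"), "tclass": f.get("tclass"),
            "source_type": f["scontext"].split(":")[2],
            "target_type": f["tcontext"].split(":")[2]}


def denials(text):
    return [d for d in map(parse_avc, unwrap(text)) if d]


def describe(d):
    obj = "the symbolic link itself" if d["tclass"] == "lnk_file" else f"a {d['tclass']} object"
    return (f"{d['source_type']} was denied {{ {' '.join(d['perms'])} }} on {obj} "
            f"named {d['name']!r}, labelled {d['target_type']}")


if __name__ == "__main__":
    for d in denials(SAMPLE):
        print(describe(d))
```

On this record it reports that cvs_t was denied read on the link named cvs, which carries default_t; the denied object is the symbolic link itself, not the directory it points to.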
More information about the fedora-selinux-list
mailing list