[Trac-tickets] [The Trac Project] #2736: Better SELinux Directions
The Trac Project
noreply at edgewall.com
Wed Feb 8 18:52:02 CST 2006
#2736: Better SELinux Directions
---------------------------------+------------------------------------------
Reporter: parksnj at cs.tamu.edu | Owner: jonas
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: general | Version: 0.9.3
Severity: normal | Keywords:
---------------------------------+------------------------------------------
Hello, as an NSA SELinux user the directions provided kinda go way over
the the top and rather not needed (not usefull). I admit that our
configurations may be different than yours. However, if you installed
Fedora 3+ with SELinux and did a typical install (or you choose
"everything") you really need just two run a simple command twice:
I do however recommend that you first...
create a group called "shareX" that contains the users of your subversion
share. Then chmod -R apache:shareX /path/to/repo followed up apache NOT
having write permissions "u=rx" and shareX "g=rwx" and others "o=". Do the
same for your trac location (where you did initenv) except u=rwx, o=, g=r
Back to that simple command I mentioned...
you need to use "chcon" or "AKA change context", you can simply google (or
clusty) for the NSA definition behind chcon and what the following lines
do
for your subversion share:
chcon -R -h -t httpd_sys_content_t /var/svn/myrepo
- change the role and context to httpd
for your trac folder
chcon -R system_u:object_r:httpd_sys_script_rw_t /var/opt/repotrac
- so you can write new wiki pages :), notice httpd scripts can rw
That is all
trac and subversion fan
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/2736>
The Trac Project <http://trac.edgewall.com/>
More information about the Trac-Tickets
mailing list