Context Navigation

Modify ↓

#2736 closed enhancement (invalid)

Better SELinux Directions

Reported by:	parksnj@…	Owned by:	Jonas Borgström
Priority:	normal	Milestone:
Component:	general	Version:	0.9.3
Severity:	normal	Keywords:
Cc:		Branch:
Release Notes:
API Changes:
Internal Changes:

Description

Hello, as an NSA SELinux user the directions provided kinda go way over the the top and rather not needed (not usefull). I admit that our configurations may be different than yours. However, if you installed Fedora 3+ with SELinux and did a typical install (or you choose "everything") you really need just two run a simple command twice:

I do however recommend that you first…

create a group called "shareX" that contains the users of your subversion share. Then chmod -R apache:shareX /path/to/repo followed up apache NOT having write permissions "u=rx" and shareX "g=rwx" and others "o=". Do the same for your trac location (where you did initenv) except u=rwx, o=, g=r

Back to that simple command I mentioned… you need to use "chcon" or "AKA change context", you can simply google (or clusty) for the NSA definition behind chcon and what the following lines do

for your subversion share: chcon -R -h -t httpd_sys_content_t /var/svn/myrepo

change the role and context to httpd

for your trac folder chcon -R system_u:object_r:httpd_sys_script_rw_t /var/opt/repotrac

so you can write new wiki pages :), notice httpd scripts can rw

That is all

trac and subversion fan

Attachments (0)

Change History (1)

comment:1 by Christopher Lenz, 19 years ago

Resolution:	→ invalid
Status:	new → closed

Please just edit the wiki page… this is user-contributed documentation, and if you have any problems or corrections to make, “just do it”.

Modify Ticket

Change Properties

Summary:
Description:	Hello, as an NSA SELinux user the directions provided kinda go way over the the top and rather not needed (not usefull). I admit that our configurations may be different than yours. However, if you installed Fedora 3+ with SELinux and did a typical install (or you choose "everything") you really need just two run a simple command twice: I do however recommend that you first... create a group called "shareX" that contains the users of your subversion share. Then chmod -R apache:shareX /path/to/repo followed up apache NOT having write permissions "u=rx" and shareX "g=rwx" and others "o=". Do the same for your trac location (where you did initenv) except u=rwx, o=, g=r Back to that simple command I mentioned... you need to use "chcon" or "AKA change context", you can simply google (or clusty) for the NSA definition behind chcon and what the following lines do for your subversion share: chcon -R -h -t httpd_sys_content_t /var/svn/myrepo - change the role and context to httpd for your trac folder chcon -R system_u:object_r:httpd_sys_script_rw_t /var/opt/repotrac - so you can write new wiki pages :), notice httpd scripts can rw That is all trac and subversion fan You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as closed The owner will remain Jonas Borgström.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from Jonas Borgström to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: